Summary

  • Tenable Research has published a case study of how Orange Tsai and Meh Chang exploited multiple vulnerabilities in Twitter’s VPN to gain access to the company’s internal systems.
  • The researchers used an unpatched Pulse Secure VPN to access the company’s network without having to input any credentials.
  • After gaining access, the pair exploited several vulnerabilities, including one that gave them the ability to read cached passwords, which allowed them to access the system as an admin and execute code.
  • The vulnerability discovered by Tsai and Chang, which Tsai later presented at Black Hat USA 2019, earned them a $20,160 bounty.
  • The case study is intended to show how essential it is to keep VPN appliances up to date, reminding users that unpatched VPNs can grant complete access to an organisation’s internal systems.

By Monika Sharma
