In Ivanti Pulse Secure Pulse Connect Secure (PCS) prior to 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. A read-only administrative user can escalate to a read-write administrative role.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pulsesecure pulse connect secure |
||
ivanti connect secure 9.1 |