Pulse Secure

A hacker had published a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers.

The list included IP addresses of Pulse Secure VPN servers, Pulse Secure VPN server firmware version
SSH keys for each server, a list of all local users and their password hashes, Admin account details, and Last VPN logins (including usernames and cleartext passwords), and VPN session cookies.

The hacker who compiled this list scanned the entire internet IPv4 address space for Pulse Secure VPN servers and used an exploit for the CVE-2019-11510 vulnerability to gain access to systems.

He further dump server details including usernames and passwords, and then collected all the information in one central repository.

Timestamps in the list, the dates of the scans, or the date the list was compiled, were between June 24 and July 8, 2020.

Source: https://www.zdnet.com/article/hacker-leaks-passwords-for-900-enterprise-vpn-servers/

"id": "PUL12323123",
"linkid": "pulse-secure?trk=public_profile_profile-section-card_subtitle-click",
"type": "Data Leak",
"date": "06/2020",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"