cancel
Showing results for 
Search instead for 
Did you mean: 

Improper application configuration leading to multiple flaws

Improper application configuration leading to multiple flaws

We've a an issue identified by an assesment carried out on our setup that states the following are still available even if the web session is unathenticated

 

Https://*****/dana-cached/setup/JuniperSetupSP1.cab

Https://*****//dana-cached/sc/JuniperSetupClientInstaller.exe

Https://*****//dana-na/meeting/login_meeting.cgi?mid=DEFAULT

 

any ideas where I can adjust our config to fix this..? is it just the cach cleaner.?

2 REPLIES 2
Moderator
Moderator

Re: Improper application configuration leading to multiple flaws

We will not be able to block access to those files from the VPN server configuration, as they need to be downloaded and installed on the user machine, if there is any pre-authentication (before authentication) policies like host checks were enabled on the user realm i.e. host checker component will get downloaded with help of active-x object tags embedded on the webpage, which a Setup Client can read/parse.

 

Setup Client is the helper application which will parse the launch arguments from the VPN server and installs/invokes other Pulse Secure components from the user machine to carry out the requried tasks.

Moderator

Re: Improper application configuration leading to multiple flaws

Can you open a case with our support team for further investigation, please?
what version of software are you using?
in addition to @Ray's comment, the last URL is used by the Pulse Collaboration component, which has users joining that do not login to the appliance