An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.
Published July 30, 2020.
Pulsesecure Pulse Policy Secure
Pulsesecure Pulse Connect Secure