Incident Summary:
On April 12, 2021, Pulse Secure, DC Government's VPN vendor, reported an issue with their secure certificate preventing Windows end-point users from connecting to to the VPN using a browser to access. The Office of the Chief Technology Officer is monitoring their remediation progress and recommends using the PulseSecure desktop client, which is not impacted, in order to access the VPN.
Root Cause: Pulse Secure's code signing certificate to digitally sign and verify software components has expired.
[UPDATE] Resolution: PulseSecure has provided a release schedule which the OCTO security team is monitoring and will evaluate, test and implement the fix ETA this weekend.
Impacted Users: Windows VPN users that rely on a browser to connect to the VPN. Mac users are not impacted.
Who Can Access the VPN / No Impact: District VPN users using the PulseSecure VPN Client on their devices are not impacted.
Solution:
- Current VPN users on Windows devices should switch from a browser login to the client which is already on your device. To find your PulseSecure client please search selecting Start > PulseSecure.
- [UPDATE] User guide attached
- For new VPN users that do not have a PulseSecure Client on their device, it can be downloaded from:
- https://dcgov.app.box.com/v/dcvpnclient/folder/41003842798
- (ps-pulse-win-fips-9.1r11.0-b6727-64bitinstaller.msi)
How to Request Assistance:
- Users should reach out to OCTOhelps at 202-671-1566 with any questions on installing or finding the client.
CIOs and IT Leads: Please direct your Windows VPN users to use the PulseSecure Client. Please use the CWITS VPN Distro for further questions: [email protected]
More Info:
Press Article: https://www.bleepingcomputer.com/news/security/pulse-secure-vpn-users-cant-login-due-to-expired-certificate/
Pulse Secure’s latest update on the issue: https://kb.pulsesecure.net/pkb_mobile#article/l:en_US/kA13Z000000fzbRSAQ/s