From debaa447334dc2ddeb540a39c67f7c5cc6d1f8d9 Mon Sep 17 00:00:00 2001
From: Quentin Kaiser <kaiserquentin@gmail.com>
Date: Wed, 25 Nov 2020 12:33:28 +0100
Subject: [PATCH] Safer connection store file reading by handling the case
 where user does not have permissions to read the file.

---
 modules/post/windows/gather/credentials/pulse_secure.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/modules/post/windows/gather/credentials/pulse_secure.rb b/modules/post/windows/gather/credentials/pulse_secure.rb
index 42f6df3260..8a581e9272 100644
--- a/modules/post/windows/gather/credentials/pulse_secure.rb
+++ b/modules/post/windows/gather/credentials/pulse_secure.rb
@@ -108,8 +108,10 @@ class MetasploitModule < Msf::Post
         if !session.fs.file.exist?(path)
           next
         end
+        connstore_file = session.fs.file.open(path) rescue nil
+        next if connstore_file.nil?
 
-        connstore_data = session.fs.file.open(path).read.to_s
+        connstore_data = connstore_file.read.to_s
         matches = connstore_data.scan(/ive "([a-z0-9]*)" {.*?connection-source: "([^"]*)".*?friendly-name: "([^"]*)".*?uri: "([^"]*)".*?}/m)
         matches.each do |m|
           ives[m[0]] = {}