If you're using SAML, upgrade now!

Palo Alto Networks just released a security advisory warning of a severe vulnerability in the PAN-OS SAML authentication implementation. The premise is that if you are actively using SAML to authenticate users and have 'Validate Identity Provider Certificate' disabled, an attacker could bypass authentication.

The vulnerability applies to any of the available authentication interfaces: GlobalProtect (portal, gateway, clientless), Captive Portal and the management interface. The attacker would be able to gain the same access as a legitimately logged-in user, so they could reach the same resources a VPN user can, or gain full admin access over the firewall if they are able to reach a management interface.


This issue affects ALL PAN-OS versions prior to 9.1.3, 9.0.9 and 8.1.15, so upgrade as soon as you possibly can, or enable 'Validate Identity Provider Certificate' if possible, or disable SAML altogether if neither of the former options is possible.
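To make the setting concrete, here is an added illustration in Python; it is not Palo Alto's code and does not reproduce the actual flaw. It sketches the trust step that a setting like 'Validate Identity Provider Certificate' governs: a signed assertion carries a certificate in its KeyInfo, and the relying party must check that certificate against the IdP certificate it was configured with rather than trusting whatever certificate arrives in the message. The SAML response and the two "certificates" are constructed placeholder values, and full XML-DSig verification (canonicalization, digest references, the RSA signature check) is assumed to be handled by a proper library and is not implemented here.

```python
"""
Added example (not Palo Alto's code): the IdP-certificate trust check that a
'Validate Identity Provider Certificate' style setting controls, shown as a
minimal SAML response checker. Cryptographic signature verification is assumed
to be done elsewhere; only the certificate-pinning step is demonstrated.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET
from typing import Optional, Tuple

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def cert_fingerprint(b64_der: str) -> str:
    """SHA-256 fingerprint of a base64-encoded DER certificate (whitespace tolerated)."""
    der = base64.b64decode("".join(b64_der.split()))
    return hashlib.sha256(der).hexdigest()


def check_saml_response(xml_text: str, pinned_idp_fingerprint: str,
                        validate_idp_certificate: bool = True) -> Tuple[bool, str]:
    """Decide whether the assertion's signing certificate may be trusted.

    validate_idp_certificate=False models the weak setting: the certificate
    embedded in the message is accepted as-is, so the check no longer ties the
    assertion to the configured IdP.
    """
    root = ET.fromstring(xml_text)
    assertion = root.find(".//saml:Assertion", NS)
    if assertion is None:
        return False, "rejected: no Assertion element"
    signature = assertion.find("ds:Signature", NS)
    if signature is None:
        return False, "rejected: assertion is not signed"
    cert_el = signature.find(".//ds:X509Certificate", NS)
    if cert_el is None or not (cert_el.text or "").strip():
        return False, "rejected: no signing certificate in KeyInfo"
    if not validate_idp_certificate:
        return True, "accepted: embedded certificate trusted without pinning (weak setting)"
    if cert_fingerprint(cert_el.text) != pinned_idp_fingerprint:
        return False, "rejected: signing certificate is not the configured IdP certificate"
    return True, "accepted: signing certificate matches the configured IdP certificate"


def build_response(signing_cert_b64: Optional[str]) -> str:
    """Construct a toy SAML Response; None produces an unsigned assertion.

    Real responses carry SignedInfo/digests as well; they are omitted because
    this example only exercises the certificate-trust decision.
    """
    sig = ""
    if signing_cert_b64 is not None:
        sig = (
            '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            "<ds:SignatureValue>c2lnbmF0dXJlLXBsYWNlaG9sZGVy</ds:SignatureValue>"
            "<ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
            + signing_cert_b64 +
            "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>"
        )
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        '<saml:Assertion ID="_a1">' + sig +
        "<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>"
        "</saml:Assertion></samlp:Response>"
    )


# Constructed placeholder "certificates" (not real X.509 DER) for the demo.
TRUSTED_IDP_CERT_B64 = base64.b64encode(b"constructed: trusted IdP cert").decode()
OTHER_CERT_B64 = base64.b64encode(b"constructed: some other cert").decode()
# The fingerprint an administrator would pin when configuring the IdP profile.
PINNED = cert_fingerprint(TRUSTED_IDP_CERT_B64)

if __name__ == "__main__":
    cases = [
        ("trusted cert, validation on ", build_response(TRUSTED_IDP_CERT_B64), True),
        ("other cert,   validation on ", build_response(OTHER_CERT_B64), True),
        ("other cert,   validation off", build_response(OTHER_CERT_B64), False),
        ("unsigned,     validation on ", build_response(None), True),
    ]
    for label, resp, validate in cases:
        print(label, "->", check_saml_response(resp, PINNED, validate))
```

The third case is the one the advisory is about: with validation off, an assertion signed by a certificate the firewall was never configured to trust is still accepted, because the only thing being checked is that some certificate is present. Turning the setting on (or keeping it on) makes the relying party compare against the pinned IdP certificate, which is the control the upgrade and the configuration advice above restore.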


Additionally, always make sure to limit administrative access to only a few resources, and make sure VPN users have tailored security rules that allow access to the needed resources only.


Stay frosty!

reaper out


The original advisory can be found here: https://security.paloaltonetworks.com/CVE-2020-2021



©2020 by PANgurus.