
If you're using SAML, upgrade now!


Palo Alto just released a security advisory warning that there is a severe vulnerability in SAML implementations. The premise is that if you are actively using SAML to authenticate users, and you have 'Validate Identity Provider Certificate' disabled, an attacker could bypass authentication.

The vulnerability applies to any of the available authentication interfaces: GlobalProtect (portal, gateway, clientless), Captive Portal and the management interface. The attacker would be able to gain the same access as a legitimately logged-in user, so they would be able to reach the same resources a VPN user can reach, or gain full admin access over the firewall if they are able to reach a management interface.


This issue affects ALL PAN-OS versions prior to 9.1.3, 9.0.9 and 8.1.15, so upgrade as soon as you possibly can, or enable 'Validate Identity Provider Certificate' if possible, or disable SAML altogether if the former options are not possible.
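To make the "which of my firewalls still need attention" question answerable from an inventory rather than by eye, here is an added example (mine, not Palo Alto's and not part of the original post) that classifies a PAN-OS version string against the three fixed releases named above and then applies the advisory's precondition: a box is only exposed when it runs an affected build, uses SAML, and has 'Validate Identity Provider Certificate' disabled. It follows the post's wording literally, so older trains such as 8.0.x count as "prior to" every fixed release, while trains the post does not mention are reported as unlisted rather than guessed at. The hostnames, versions and the `-hN` hotfix-suffix handling in the sample inventory are constructed for illustration.

```python
import re
from typing import Dict, Iterable, Tuple

# Fixed releases as stated in the post: anything earlier on the same
# release train is affected.
FIXED_VERSIONS = {
    (9, 1): (9, 1, 3),
    (9, 0): (9, 0, 9),
    (8, 1): (8, 1, 15),
}

# 'major.minor.maint' with an optional '-hN' hotfix suffix (assumed format
# for illustration; the hotfix number does not change the fixed/affected call).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_panos_version(version: str) -> Tuple[int, int, int, int]:
    """Parse a PAN-OS version string into (major, minor, maint, hotfix)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {version!r}")
    major, minor, maint, hotfix = m.groups()
    return int(major), int(minor), int(maint), int(hotfix or 0)


def version_status(version: str) -> str:
    """Return 'affected', 'fixed' or 'unlisted' for a PAN-OS version.

    'unlisted' means a release train the post makes no claim about
    (e.g. anything newer than 9.1), so the caller must not assume safety.
    """
    major, minor, maint, _hotfix = parse_panos_version(version)
    train = (major, minor)
    if train in FIXED_VERSIONS:
        return "fixed" if (major, minor, maint) >= FIXED_VERSIONS[train] else "affected"
    # Trains older than every fixed release are "prior to" all of them.
    if (major, minor, maint) < min(FIXED_VERSIONS.values()):
        return "affected"
    return "unlisted"


def exposure(version: str, saml_enabled: bool, validate_idp_cert: bool) -> str:
    """Apply the advisory's precondition to one firewall.

    Returns 'not-using-saml', 'patched', 'mitigated', 'exposed' or 'unknown'.
    """
    if not saml_enabled:
        return "not-using-saml"
    status = version_status(version)
    if status == "fixed":
        return "patched"
    if validate_idp_cert:
        # Vulnerable build, but the precondition the bypass needs is absent.
        return "mitigated"
    return "exposed" if status == "affected" else "unknown"


def triage(inventory: Iterable[Tuple[str, str, bool, bool]]) -> Dict[str, str]:
    """Map hostname -> exposure for (host, version, saml_enabled, validate_idp_cert) rows."""
    return {host: exposure(ver, saml, val) for host, ver, saml, val in inventory}


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "9.1.2", True, False),     # affected build, SAML, no validation -> exposed
    ("fw-edge-02", "9.0.9-h1", True, False),  # at/after fixed release -> patched
    ("fw-dc-01", "8.1.14", True, True),       # affected build but validation on -> mitigated
    ("fw-lab-01", "8.0.20", True, False),     # older than every fixed release -> exposed
    ("fw-mgmt-01", "9.1.3", False, False),    # SAML not in use -> not-using-saml
]

if __name__ == "__main__":
    for host, result in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {result}")
```

The point of the separate `unknown` result is that a version the post does not cover should show up in the report as something to go and check against the vendor advisory, not silently pass as fixed.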


Additionally, always make sure to limit administrative access to only a few resources, and make sure VPN users have tailored security rules that allow access to the needed resources only.


Stay frosty!

reaper out


The original post can be found here: https://security.paloaltonetworks.com/CVE-2020-2021




2 comments


Reaper
29 June 2020

I was wondering why they suddenly changed the recommendation status on all new PAN-OS without any fanfare or notifications... This was it ;)


adam_coverdale
29 June 2020

Thanks Reaper, got the lowdown this afternoon. Already updated our production and now sending out to all our customers!
