Reaper

If you're using SAML, upgrade now!

Palo Alto Networks has just released a security advisory (CVE-2020-2021, published 29 June 2020) for a critical vulnerability in the SAML authentication implementation of PAN-OS. The premise is that if you are actively using SAML to authenticate users and have 'Validate Identity Provider Certificate' disabled in the SAML Identity Provider server profile, signatures on SAML responses are not properly verified, so an unauthenticated attacker with network access to the affected interface can bypass authentication outright; no credentials are needed.

The vulnerability applies to every authentication interface that can use SAML: GlobalProtect (portal, gateway and clientless VPN), Captive Portal, and the management web interface of the firewall and of Panorama (Prisma Access is listed as affected as well). The attacker gains the same access as a legitimately logged-in user: the resources a VPN user can reach, or full administrative control over the firewall if they can reach a management interface.


This issue affects PAN-OS 9.1 before 9.1.3, 9.0 before 9.0.9 and 8.1 before 8.1.15, plus every release of the end-of-life 8.0 train (7.1 is not affected), so upgrade as soon as you possibly can. If you cannot upgrade yet, enable 'Validate Identity Provider Certificate' where possible (note that this option generally cannot be turned on with a self-signed IdP certificate, which is the usual reason it is left off), or disable SAML authentication altogether if neither of the former options is available.
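As an added triage example (not from the original post and not Palo Alto Networks' code), the script below applies the two conditions above to a firewall's reported software version and an exported configuration: is the release older than the fix for its train, and does any SAML IdP profile have certificate validation turned off. The configuration element names (`saml-idp`, `validate-idp-certificate`) are assumptions about the PAN-OS XML export, and the sample configuration is constructed for the example.

```python
"""Triage helper for the CVE-2020-2021 PAN-OS SAML bypass.

Two questions decide exposure:
  1. Is the running PAN-OS release older than the fixed release for its
     train (9.1.3, 9.0.9, 8.1.15; every 8.0 release is affected and has no
     fix; 7.1 is not affected)?
  2. Does any SAML Identity Provider server profile in the exported config
     have 'Validate Identity Provider Certificate' turned off?

ASSUMPTION: the config layout used here (shared/server-profile/saml-idp/entry
with a <validate-idp-certificate> child holding 'yes' or 'no') mirrors a
PAN-OS XML export; confirm the element names against your own export.
"""
import re
import xml.etree.ElementTree as ET

# Fixed releases per train, taken from the advisory.
FIXED_RELEASE = {(9, 1): (9, 1, 3), (9, 0): (9, 0, 9), (8, 1): (8, 1, 15)}


def parse_version(text):
    """'9.0.8-h2' -> (9, 0, 8). Hotfix suffixes are dropped because the
    advisory lists plain base releases as the fix boundary."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def version_is_vulnerable(text):
    """True when the release predates the fix for its train."""
    version = parse_version(text)
    train = version[:2]
    if train in FIXED_RELEASE:
        return version < FIXED_RELEASE[train]
    if train == (8, 0):
        return True            # end-of-life train, every release affected
    return False               # 7.1 and earlier unaffected; 10.0+ ship fixed


def weak_saml_profiles(config_xml):
    """Names of SAML IdP profiles whose IdP certificate validation is off.

    A missing element is treated as 'off' so that it is surfaced for review
    rather than silently passed (conservative assumption)."""
    root = ET.fromstring(config_xml)
    weak = []
    for entry in root.iterfind(".//saml-idp/entry"):
        flag = (entry.findtext("validate-idp-certificate") or "").strip().lower()
        if flag != "yes":
            weak.append(entry.get("name"))
    return weak


def assess(version_text, config_xml):
    """Combine both checks. 'exposed' means the bypass precondition holds on
    an unpatched release; a weak profile on a patched box is still worth
    fixing but is no longer exploitable via this CVE."""
    vulnerable = version_is_vulnerable(version_text)
    weak = weak_saml_profiles(config_xml)
    return {
        "version_vulnerable": vulnerable,
        "weak_profiles": weak,
        "exposed": vulnerable and bool(weak),
    }


# Constructed sample: one profile with validation off, one with it on.
SAMPLE_CONFIG = """<config version="9.0.0">
  <shared><server-profile><saml-idp>
    <entry name="okta-prod">
      <entity-id>http://www.okta.com/example</entity-id>
      <certificate>okta-idp-cert</certificate>
      <validate-idp-certificate>no</validate-idp-certificate>
    </entry>
    <entry name="adfs-lab">
      <entity-id>http://adfs.example.test/adfs/services/trust</entity-id>
      <certificate>adfs-idp-cert</certificate>
      <validate-idp-certificate>yes</validate-idp-certificate>
    </entry>
  </saml-idp></server-profile></shared>
</config>"""

if __name__ == "__main__":
    for sw in ("9.0.8-h2", "9.0.9"):
        print(sw, assess(sw, SAMPLE_CONFIG))
```

Feed it the `sw-version` line from `show system info` and the output of `show config running` (or a saved config export). A profile flagged here is only a problem if an authentication profile that actually uses it is bound to GlobalProtect, Captive Portal or the management interface, so cross-check that binding before declaring a box clean.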


Additionally, always limit administrative access to a few trusted sources (a management interface profile and security rules that only admit dedicated admin hosts), and give VPN users tailored security rules that allow access to the needed resources only; that way a bypassed login still lands an attacker in a tightly constrained position.


Stay frosty!

reaper out


The original advisory can be found here: https://security.paloaltonetworks.com/CVE-2020-2021




2 Comments


Reaper
Jun 29, 2020

I was wondering why they suddenly changed the recommendation status on all new PAN-OS without any fanfare or notifications... This was it ;)


adam_coverdale
Jun 29, 2020

Thanks Reaper, got the lowdown this afternoon. Already updated our production and now sending out to all our customers!
