
If you're using SAML, upgrade now!

Palo Alto just released a security advisory warning of a severe vulnerability in its SAML implementation. The premise is that if you are actively using SAML to authenticate users and you have 'Validate Identity Provider Certificate' disabled, an attacker could bypass authentication.

The vulnerability applies to any of the available authentication interfaces: GlobalProtect (portal, gateway, clientless), Captive Portal and the management interface. The attacker would gain the same access as a legitimately logged-in user, so they would be able to reach the same resources a VPN user can reach, or gain full admin access over the firewall if they can reach a management interface.

This issue affects ALL PAN-OS versions prior to 9.1.3, 9.0.9 and 8.1.15, so upgrade as soon as you possibly can, or enable 'Validate Identity Provider Certificate' if possible, or disable SAML altogether if neither of the former options is possible.

Additionally, always make sure to limit administrative access to only a few trusted sources, and make sure VPN users have tailored security rules that allow access to the needed resources only.
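As an added example (not part of the original post), here is a small Python script that turns the two points above into checks you can run against your own inventory: first, whether a given PAN-OS version string is at or above the fixed releases named in the post (9.1.3, 9.0.9, 8.1.15); second, whether an exported configuration contains SAML IdP server profiles with 'Validate Identity Provider Certificate' turned off. The XML element names (`server-profile`, `saml-idp`, `entry`, `validate-idp-certificate`) and the sample configuration are assumptions constructed for this example, not taken from the post or from Palo Alto documentation, so compare them against a real export before relying on the scan.

```python
"""Added example (not from the original post): two defensive checks that
follow from the advisory above.

1. is_fixed_version(): is a PAN-OS version at or above the fixed releases
   the post names (9.1.3, 9.0.9, 8.1.15)?
2. find_risky_saml_profiles(): scan an XML configuration export for SAML IdP
   profiles whose 'Validate Identity Provider Certificate' option is off.

The XML element names used below are ASSUMED for this example; adjust them to
match the structure of your own exported configuration.
"""
import re
import xml.etree.ElementTree as ET

# Fixed releases per the advisory, keyed by release train (major, minor).
FIXED_RELEASES = {(9, 1): 3, (9, 0): 9, (8, 1): 15}

# 'major.minor.patch' with an optional '-hN' hotfix suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-h(\d+))?$")


def parse_version(text):
    """Parse a PAN-OS version string into (major, minor, patch, hotfix)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised PAN-OS version string: {text!r}")
    major, minor, patch, hotfix = m.groups()
    return int(major), int(minor), int(patch), int(hotfix or 0)


def is_fixed_version(text):
    """True only if the version is on one of the three patched trains and at
    or above that train's fixed release. Every other train is reported as
    not fixed, because the post says all versions prior to the fixed releases
    are affected; treat such a result as 'review by hand', not 'safe'."""
    major, minor, patch, _hotfix = parse_version(text)
    fixed_patch = FIXED_RELEASES.get((major, minor))
    if fixed_patch is None:
        return False
    return patch >= fixed_patch


# Constructed sample of a configuration export. The element layout is an
# assumption for this example; check your own export for the real structure.
SAMPLE_CONFIG = """<config>
  <shared>
    <server-profile>
      <saml-idp>
        <entry name="corp-idp-validated">
          <validate-idp-certificate>yes</validate-idp-certificate>
        </entry>
        <entry name="corp-idp-unvalidated">
          <validate-idp-certificate>no</validate-idp-certificate>
        </entry>
        <entry name="corp-idp-default">
        </entry>
      </saml-idp>
    </server-profile>
  </shared>
</config>
"""


def find_risky_saml_profiles(config_xml):
    """Return the names of SAML IdP profiles whose certificate validation is
    not explicitly 'yes'. A missing element is reported as risky on purpose:
    an unknown default should be verified, not assumed safe."""
    root = ET.fromstring(config_xml)
    risky = []
    for entry in root.findall(".//saml-idp/entry"):
        name = entry.get("name", "<unnamed>")
        flag = entry.findtext("validate-idp-certificate")
        if flag is None or flag.strip().lower() != "yes":
            risky.append(name)
    return risky


def assess(version, config_xml):
    """Combine both checks into a list of actions mirroring the post's advice:
    upgrade first; until then, enable validation or disable SAML."""
    findings = []
    if not is_fixed_version(version):
        findings.append(f"PAN-OS {version} is not a fixed release: upgrade")
    for name in find_risky_saml_profiles(config_xml):
        findings.append(
            f"SAML IdP profile {name!r}: enable 'Validate Identity Provider "
            f"Certificate' or disable SAML until upgraded"
        )
    return findings


if __name__ == "__main__":
    for line in assess("9.0.8", SAMPLE_CONFIG):
        print(line)
```

Run it with the version reported by your firewall and the XML from a configuration export; an empty list from `assess()` means the version is on a fixed release and every SAML IdP profile has validation explicitly enabled. The version check deliberately refuses to call an unlisted train "fixed", so a hotfix or a newer train still gets a human look rather than a silent pass.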

Stay frosty!

reaper out

The original post can be found here:


2 comments

29 Jun 2020

I was wondering why they suddenly changed the recommendation status on all new PAN-OS without any fanfare or notifications... This was it ;)


Thanks Reaper, got the lowdown this afternoon. Already updated our production and now sending out to all our customers!
