First published: Thu Feb 10 2022(Updated: )
An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.
Credit: psirt@paloaltonetworks.com
Affected Software | Affected Version | How to fix |
---|---|---|
Paloaltonetworks Globalprotect | >=5.2<5.2.9 | |
Microsoft Windows |
This issue is fixed in GlobalProtect app 5.2.9 on Windows and all later GlobalProtect app versions.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2022-0021.
The title of this vulnerability is 'An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows.'
The severity rating of CVE-2022-0021 is 5.5 (medium).
GlobalProtect App 5.2 versions earlier than 5.2.9 are affected by this vulnerability.
This vulnerability exposes the cleartext credentials of the connecting GlobalProtect user when authenticating using the Connect Before Logon feature.