PT-2012-6285 · Palo Alto Networks · PAN-OS

Published: 2012-04-27 · Updated: 2020-02-17 · CVE-2012-6596

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Palo Alto Networks PAN-OS versions 3.1.x and earlier, 4.0.x through 4.0.8, 4.1.x through 4.1.2

Description

The issue allows context-dependent attackers to obtain sensitive information by reading the authd.log file, where cleartext LDAP bind passwords are stored. This results in administrator passwords being logged and stored in clear text, potentially leading to unauthorized administration of the device.

Recommendations

For versions 4.0.x through 4.0.8, consider disabling the default 'debug' logging level to prevent cleartext LDAP bind passwords from being logged to authd.log until a patch is available. For versions 4.1.x through 4.1.2, restrict access to the authd.log file to minimize the risk of exploitation. For versions 3.1.x and earlier, update to a version that does not store cleartext LDAP bind passwords in authd.log. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2012-6596

Affected Products

PAN-OS