PT-2022-12954 · Palo Alto Networks · Globalprotect

Irina Belyaeva · Published 2022-02-10 · Updated 2022-02-17 · CVE-2022-0018

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Palo Alto Networks GlobalProtect app versions 5.1 through 5.1.9 on Windows and macOS
Palo Alto Networks GlobalProtect app versions 5.2 through 5.2.8 on Windows and macOS

Description

An information exposure issue exists in the Palo Alto Networks GlobalProtect app on Windows and macOS. When the Single Sign-On feature is enabled, the credentials of the local user account are sent to the GlobalProtect portal. This behavior is intentional and poses no security risk when connecting to trusted portals that use the same Single Sign-On credentials. However, when the credentials differ, the local account credentials are inadvertently sent for authentication. This issue is a concern for Bring-Your-Own-Device (BYOD) clients with private local user accounts, or when the app is used to connect to different organizations. A third-party MITM attacker cannot see these credentials in transit.

Recommendations

For GlobalProtect app versions 5.1 through 5.1.9 on Windows and macOS, update to version 5.1.10 or later to prevent the transmission of local user credentials to the target GlobalProtect portal. For GlobalProtect app versions 5.2 through 5.2.8 on Windows and macOS, update to version 5.2.9 or later to prevent the transmission of local user credentials to the target GlobalProtect portal. As a temporary workaround, consider disabling the Single Sign-On feature in the GlobalProtect portal configuration until a patch is available.
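As an added example (not part of the advisory or of Palo Alto Networks' software), a small Python check that classifies a reported GlobalProtect app version string against the affected ranges above and returns the version the advisory says to upgrade to; the inventory lines fed to it are constructed, and how the version is obtained from each endpoint is left to your inventory tooling.

```python
"""Classify GlobalProtect app versions against PT-2022-12954 / CVE-2022-0018.

Affected per the advisory: 5.1 through 5.1.9 (fixed in 5.1.10) and
5.2 through 5.2.8 (fixed in 5.2.9), on Windows and macOS."""
import re
from typing import Optional, Tuple

# (first affected, last affected, first fixed) exactly as stated in the advisory.
AFFECTED_RANGES = [
    ((5, 1, 0), (5, 1, 9), "5.1.10"),
    ((5, 2, 0), (5, 2, 8), "5.2.9"),
]


def parse_version(text: str) -> Tuple[int, int, int]:
    """Extract the dotted version from text such as 'GlobalProtect 5.1.9' and
    return it as a numeric triple.  Comparing strings lexically would rank
    '5.1.10' below '5.1.9', which is exactly the boundary this advisory hinges on."""
    match = re.search(r"(\d+(?:\.\d+)+)", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    # Pad so '5.1' (the start of an affected range) compares equal to 5.1.0.
    padded = parts + (0, 0, 0)
    return padded[0], padded[1], padded[2]


def fixed_version_for(text: str) -> Optional[str]:
    """Return the first fixed version if the reported version is affected,
    otherwise None.  Branches other than 5.1.x and 5.2.x are outside the scope
    of this advisory and also return None."""
    version = parse_version(text)
    for first, last, fixed in AFFECTED_RANGES:
        if first <= version <= last:
            return fixed
    return None


if __name__ == "__main__":
    # Constructed inventory lines: "<host> <reported GlobalProtect version>".
    inventory = ["laptop-01 5.1.9", "laptop-02 5.1.10", "mac-07 5.2.3", "mac-09 6.0.0"]
    for line in inventory:
        host, reported = line.split(maxsplit=1)
        fixed = fixed_version_for(reported)
        verdict = f"affected, upgrade to {fixed}" if fixed else "not in an affected range"
        print(f"{host}: {reported} -> {verdict}")
```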

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers: CVE-2022-0018

Affected Products: Globalprotect