PT-2022-12956 · Palo Alto Networks · Palo Alto Networks GlobalProtect

Rutger Truyers · Published 2022-02-10 · Updated 2022-02-17 · CVE-2022-0021

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Palo Alto Networks GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows

Description

An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows. This issue occurs when the Connect Before Logon feature is used, resulting in the logging of cleartext credentials of the connecting GlobalProtect user. The GlobalProtect app on other platforms is not affected.

Recommendations

For GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows, update to version 5.2.9 or later to resolve the issue. As a temporary workaround, consider disabling the Connect Before Logon feature until a patch is available. Restrict access to log files to minimize the risk of exploitation.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2022-0021

Affected Products

Palo Alto Networks GlobalProtect