
SoylentNews is people

posted by martyb on Wednesday July 01 2020, @10:08AM
from the hole-plugging dept.

https://arstechnica.com/information-technology/2020/06/foreign-adversaries-likely-to-exploit-critical-networking-bug-us-gov-says/

Foreign hackers backed by a well-resourced government are likely to exploit a critical vulnerability in a host of VPN and firewall products sold by Palo Alto Networks, officials in the US federal government warned on Tuesday.

In worst-case scenarios, the security vendor said in a post, the flaw allows unauthorized people to log in to networks as administrators. With those privileges, attackers could install software of their choice or carry out other malicious actions that have serious consequences. The vulnerability, tracked as CVE-2020-2021, can be exploited when an authentication mechanism known as Security Assertion Markup Language is used to validate that users have the proper permission to access a network. Attackers must also have Internet access to an affected server.

[...] The vulnerability can be exploited only when authentication is enabled and the validate identity provider certificate option is disabled. In that case, the affected Palo Alto Networks products fail to properly verify signatures. The failure is the result of flaws in PAN-OS SAML. Vulnerable releases are PAN-OS 9.1, PAN-OS 9.0 earlier than 9.0.9, PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0. PAN-OS 7.1 is unaffected.


  • (Score: 1, Funny) by Anonymous Coward on Wednesday July 01 2020, @11:08AM (1 child)

    by Anonymous Coward on Wednesday July 01 2020, @11:08AM (#1014943)

    Domestic hackers backed by a well-resourced government are likely to exploit a critical vulnerability in a host of VPN and firewall products sold by Palo Alto Networks, I warned on Tuesday. In worst-case scenarios, the flaw allows unauthorized TLAs to log in to networks as administrators. With those privileges, attackers could install software of their choice or carry out other malicious actions that have serious consequences. Attackers must have Internet access to an affected server, which is highly likely if the system was configured by a diversity hire.

    • (Score: 2) by krishnoid on Wednesday July 01 2020, @08:23PM

      by krishnoid (1156) on Wednesday July 01 2020, @08:23PM (#1015133)

      But in all fairness, you should account properly for the attackers and network administrators' privilege points [youtube.com].

  • (Score: 2) by driverless on Wednesday July 01 2020, @12:38PM (1 child)

    by driverless (4770) on Wednesday July 01 2020, @12:38PM (#1014976)

    It's called "Security Assertion Markup Language", meaning that the marketing people assert that it's secure. No-one actually checks that it is since it's already been asserted to be secure, so there's no need to actually make it secure.

    • (Score: 2) by DannyB on Wednesday July 01 2020, @04:43PM

      by DannyB (5839) on Wednesday July 01 2020, @04:43PM (#1015059) Journal

      It is secure against all known vulnerabilities that we care to know about.

      --
      If you eat an entire cake without cutting it, you technically only had one piece.
  • (Score: 0) by Anonymous Coward on Wednesday July 01 2020, @12:50PM (1 child)

    by Anonymous Coward on Wednesday July 01 2020, @12:50PM (#1014986)

    I always love waiting over 20 (Twenty!) goddamn minutes for a Palo Alto firewall to reboot.

    • (Score: 2) by DannyB on Wednesday July 01 2020, @04:46PM

      by DannyB (5839) on Wednesday July 01 2020, @04:46PM (#1015061) Journal

      That firewall is being extra thorough in its startup procedure.

      Or maybe it is pwned.

      --
      If you eat an entire cake without cutting it, you technically only had one piece.
  • (Score: 0) by Anonymous Coward on Wednesday July 01 2020, @03:15PM (1 child)

    by Anonymous Coward on Wednesday July 01 2020, @03:15PM (#1015025)

    FAKE. There are no foreign adversaries, only domestic leftists. We need to be strong on law and order and stop looking at Russia or Afghanistan or the Taliban.

    • (Score: 1, Insightful) by Anonymous Coward on Wednesday July 01 2020, @04:06PM

      by Anonymous Coward on Wednesday July 01 2020, @04:06PM (#1015045)

      [...] There are no foreign adversaries, only domestic leftists. [...]

      There are no foreign adversaries, only domestic right-wing just-past-center leftists.

      There, FTFY.

  • (Score: 2) by Lester on Wednesday July 01 2020, @07:22PM

    by Lester (6231) on Wednesday July 01 2020, @07:22PM (#1015124) Journal

    No more to say
