Encrypted User Credentials Exposed in Application Logs
CVE-2024-5908
7.5 HIGH
Key Information:
- Vendor: Palo Alto Networks
- Status: Vendor
- CVE Published: 12 June 2024
Badges
👾 Exploit Exists
Summary
The Palo Alto Networks GlobalProtect app exposes encrypted user credentials in its application logs. These logs are normally viewable only by local users, but when they are shared for troubleshooting, the encrypted credentials can be seen by unintended recipients, putting user privacy and data security at risk. Organizations using the GlobalProtect app should implement the recommended measures to limit this exposure and protect user credentials.
Affected Version(s)
GlobalProtect App 5.1.0 < 5.1.12
GlobalProtect App 6.0.0 < 6.0.8
GlobalProtect App 6.1.0 < 6.1.3
CVSS V3.1
- Score: 7.5
- Severity: HIGH
- Confidentiality: High
- Integrity: None
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
- 👾 Exploit known to exist
- Vulnerability published
Credit
Palo Alto Networks thanks Denis Faiustov and Ruslan Sayfiev of GMO Cybersecurity by IERAE for discovering and reporting this issue.