CVE-2022-0021

Summary

An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.

Affected Software

VendorProductVersion RangeStatus
Palo Alto NetworksGlobalProtect App5.2 < 5.2.9affected
Palo Alto NetworksGlobalProtect App5.1.*unaffected
Palo Alto NetworksGlobalProtect App5.3.*unaffected

Weaknesses

  • CWE-532: CWE-532 Information Exposure Through Log Files

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

References