2 matches found
CVE-2020-2033 GlobalProtect App: Missing certificate validation vulnerability can disclose pre-logon authentication cookie
When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing...
CVE-2020-2033
Summary of CVE-2020-2033 Affected product: Palo Alto Networks GlobalProtect app (GlobalProtect Agent), specifically 5.0.x versions before 5.0.10 and 5.1.x versions before 5.1.4, when the pre-logon feature is enabled. Vulnerability and root cause: A missing certificate validation in the GlobalProt...