4 matches found
Palo Alto Networks User-ID Agent Version Detection
Binary data paloaltouidagentdetect.nbin...
Palo Alto Networks User-ID Agent < 7.0.4 TLS-Secured API Invocation Credential Disclosure (PAN-SA-2016-0007)
The version of Palo Alto Networks User-ID agent installed on the remote Windows host is prior to 7.0.4. It is, therefore, affected by a flaw that allows a TLS-secured API call to return encrypted credentials to the domain account configured on the User-ID agent, which has read-only rights for...
User-ID API Access
The Palo Alto Networks User-ID agent for Windows implements an API to retrieve the agent’s configuration. This TLS-secured API call returns encrypted credentials to the domain account configured on the User-ID agent, which has read-only rights for Security Event Logs on Domain Controllers. Anyone...
OpenSSL Man-in-the-middle vulnerability
The Palo Alto Networks product security engineering team has completed analysis of our products' exposure to the vulnerabilities described in the OpenSSL Security Advisory dated June 5th, 2014. Of the 7 CVEs highlighted in the advisory, only CVE-2014-0224 is relevant to our software. The...