Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28656
HistoryOct 22, 2012 - 12:00 a.m.

MitM-vulnerability in Palo Alto Networks GlobalProtect

2012-10-2200:00:00
vulners.com
78
JSON

SySS-Advisory: MitM-vulnerability in Palo Alto Networks GlobalProtect

Problem discovered: July 12th 2012
Vendor contacted: July 13th 2012
Advisory published: October 12th 2012

AUTHOR: Micha Borrmann ([email protected])
SySS GmbH
D-72070 Tuebingen / Germany

APPLICATION: Windows Client
AFFECTED VERSION: 1.1.5-5 (32 Bit Version)
Remotely exploitable: Yes

SEVERITY: High

DESCRIPTION:
A User can not recognize an easy to perform man-in-the-middle attack,
because the client is not validate the X.509 certificate from the VPN
gateway. In an untrusted networking environment (like a Wifi hotspot),
the current VPN connection should be classified as not encrypted.

VENDOR STATUS: The vendor published a fixed version (1.1.7) at 10/12/12.

All users should update the clients soon.

JSON