The GlobalProtect external interface in Palo Alto Networks PAN-OS prior to 6.1.17, 7.x prior to 7.0.15, 7.1.x prior to 7.1.9, and 8.x prior to 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote malicious users to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
paloaltonetworks pan-os 8.0.0 |
||
paloaltonetworks pan-os 7.1.4 |
||
paloaltonetworks pan-os 7.1.6 |
||
paloaltonetworks pan-os 7.1.8 |
||
paloaltonetworks pan-os 7.0.3 |
||
paloaltonetworks pan-os 7.0.5 |
||
paloaltonetworks pan-os 7.0.12 |
||
paloaltonetworks pan-os 7.0.14 |
||
paloaltonetworks pan-os 7.0.0 |
||
paloaltonetworks pan-os 7.0.1 |
||
paloaltonetworks pan-os 7.0.2 |
||
paloaltonetworks pan-os 7.1.1 |
||
paloaltonetworks pan-os 7.1.2 |
||
paloaltonetworks pan-os 7.1.3 |
||
paloaltonetworks pan-os 7.0.7 |
||
paloaltonetworks pan-os 7.0.8 |
||
paloaltonetworks pan-os 7.0.9 |
||
paloaltonetworks pan-os 7.0.10 |
||
paloaltonetworks pan-os 8.0.1 |
||
paloaltonetworks pan-os 7.1.0 |
||
paloaltonetworks pan-os 7.1.5 |
||
paloaltonetworks pan-os 7.1.7 |
||
paloaltonetworks pan-os 7.0.4 |
||
paloaltonetworks pan-os 7.0.6 |
||
paloaltonetworks pan-os 7.0.11 |
||
paloaltonetworks pan-os 7.0.13 |
||
paloaltonetworks pan-os |