CVE-2022-0021
Summary
| CVE | CVE-2022-0021 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-02-10 18:15:00 UTC |
| Updated | 2022-02-17 16:01:00 UTC |
| Description | An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms. |
Risk And Classification
Problem Types: CWE-532
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows | - | All | All | All |
| Application | Paloaltonetworks | Globalprotect | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2022-0021 GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon | CONFIRM | security.paloaltonetworks.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: This issue was found by Rutger Truyers of Palo Alto Networks during internal security review.