Well this is bad... VPN vulnerability release

IRJ

Palo Alto

https://www.tenable.com/blog/cve-2019-1579-critical-pre-authentication-vulnerability-in-palo-alto-networks-globalprotect-ssl

Fortigate

https://fortiguard.com/psirt/FG-IR-18-384

Pulse
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101

DustinB3403

Oh wonderful . . .

Dashrender

Interesting - a lot of shared code I'm guessing.

scottalanmiller

@Dashrender said in Well this is bad... VPN vulnerability release:

Interesting - a lot of shared code I'm guessing.

Even worse... likely closed source code sharing.

IRJ

@scottalanmiller said in Well this is bad... VPN vulnerability release:

@Dashrender said in Well this is bad... VPN vulnerability release:

Interesting - a lot of shared code I'm guessing.

Even worse... likely closed source code sharing.

Imagine if 3 Chinese or Russian companies did this....

IRJ

This really seems like a backdoor was found

http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html

And this is an oh got me moment

scottalanmiller

@IRJ said in Well this is bad... VPN vulnerability release:

This really seems like a backdoor was found

http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html

And this is an oh got me moment

Sounds that way, yeah.