An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle type of attacker with the ability to intercept communication between PAN-OS and KDC can login to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All version of PAN-OS 8.0.
References
Link | Resource |
---|---|
https://security.paloaltonetworks.com/CVE-2020-2002 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-05-13 12:15
Updated : 2020-05-19 09:02
NVD link : CVE-2020-2002
Mitre link : CVE-2020-2002
JSON object : View
CWE
CWE-290
Authentication Bypass by Spoofing
Products Affected
paloaltonetworks
- pan-os