Skip to main content

Posts

Showing posts with the label probe

Palo Alto Networks Firewalls Leaking Usernames and Password Hashes

A significant number Palo Alto Networks (PAN) firewalls are leaking critical information onto the open internet. Its vital to immediately qualify that statement. The leaks result from firewall administrators enabling Client Probing and Host Probing within the User-ID settings without explicitly limiting such probes to a trusted "zone" or subnet. Username, domain name and password hash are provided to those initiating a properly formatted SMB connection to impacted firewalls.  HD Moore , Chief Research Officer of Rapid7  and founder of MetaSploit , is responsible for the initial publication of the vulnerability. Enabling such a configuration on a production firewall appliance, with its resulting leaks, results in a somewhat unusual situation where responsibility for the resulting vulnerability ought to be shared between security administrators and PAN developers. SMB probing should be filtered to trusted subnets; this is obvious. That said, such a setting should not be