CVE-2020-2021 PAN-OS: Authentication Bypass in SAML Authentication (29th Jun 2020)

Preface: SAML implements a secure method of passing user authentications and authorizations between the identity provider and service providers. When a user logs into a SAML enabled application, the service provider requests authorization from the appropriate identity provider.

Design weakness: The design weakness of SAML was not XML edge cases nor attacker stealing your signing keys.
SAML mistaken allowing your users to log in to apps throught they couldn’t access. In order to avoid this matter happen. You should ensure your SAML assertions only work with the right apps, use unique signing keys for each app or service provider.

Palo Alto Releases Security Updates for PAN-OS: Authentication Bypass – details refer to following link.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.