QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2024-5908

Back to search

CVE-2024-5908

Published: Jun 12, 2024

Modified: Aug 9, 2024

PUBLISHED

Description

A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are exposed to recipients of the application logs.

VendorProductVersions

Palo Alto Networks

GlobalProtect App

affected
5.1.0 - < 5.1.12
affected
6.0.0 - < 6.0.8
affected
6.1.0 - < 6.1.3
affected
6.2.0 - < 6.2.3

Weaknesses (CWE)

CWE-532

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now