CVE-2022-0021 An information exposure exists in the Palo Alto Networks GlobalProtect app that logs the connecting user's credentials.

After configuring Connect Before Logon on Windows, the following message is displayed on the log file: (03/03 10:26:11) [VULNERABILITY:Credential Exposure] --- (03/03 10:26:11) Connecting to the server and verifying credentials --- Information> Credential> username> password1> password2> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information> Information>

Windows 10 - CVE-2017-0030

After configuring Connect Before Logon on Windows, the following message is displayed on the log file:
(03/03 10:26:11) [VULNERABILITY:Credential Exposure] --- (03/03 10:26:11) Connecting to the server and verifying credentials --- Information> Credential> username> password1> password2> Information> Information> Information> Information> Information> Information> Information> Information> Information> __Information_ - _____Information_ - ____Information_ - _______Information_ - __________information___ - ________information_ - __________information______- ________________information-- information
- INFORMATION

References:

However, the vulnerability is not limited to just Windows systems. Other operating systems such as Linux and Solaris are also affected.

Vulnerability: Credential Exposure
A credential exposure vulnerability exists in Microsoft Windows. If you enable Connect Before Logon on a Windows system, an attacker could connect to the system without having to provide valid credentials.

Windows 10, version 1703

The Microsoft Windows 10, version 1703 update contains a vulnerability in the Connect Before Logon feature that can allow a remote attacker to steal credentials of a logged-in user.

Timeline

Published on: 02/10/2022 18:15:00 UTC
Last modified on: 02/17/2022 16:01:00 UTC

References

• https://security.paloaltonetworks.com/CVE-2022-0021
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0021