PaloAlto Captive Portal XSS Attack

PaloAlto has issued a patch for an XSS attack on the captive portal that I disclosed a few months back. The official advisory can be found here: https://securityadvisories.paloaltonetworks.com/Home/Detail/66 (Detail taken from https://securityadvisories.paloaltonetworks.com/) The attack has been given a CVSS score of 6.1: (Screenshot taken from IBM X-Force: https://exchange.xforce.ibmcloud.com/vulnerabilities/118524) Below follows the original report submitted to PaloAlto …

Palo Alto Networks : Firewall Loopback interfaces

In a dual-homed network infrastructure, loopback interfaces are a very valuable configuration option on Palo Alto firewalls. Cisco folk may be more familiar with the use of loopback interfaces, so this article gives a very quick look at some of the uses of a loopback interface in a Palo Alto firewall deployment. The most useful …