Security Improvements to CSP Registration Process

Printer Friendly Page

Palo Alto Networks introduced new features in our Customer Support Portal (CSP) that address security concerns related to support.paloaltonetworks.com. A security researcher informed us that it was possible to brute-force our user registration process and potentially register an unauthorized individual support account linked to a customer. 

 

Customers who enabled the requirement of “super-user approvalon their support accounts would have been notified of attempts to create new accounts linked to their respective CSP account. However, we are aware that not all customers have adopted this setting.

 

Therefore, to mitigate potential brute-forcing, we have added a captcha feature that requires input from the user during the registration process on the CSP.

 

 Picture1.png

 

As an additional security measure, we’ve made the “super-user approval” requirement the default setting within the CSP. We suggest that all customers keep this requirement as the default setting, so they are notified when a new account is created within their CSP account.

 

Picture2.png

 

Should you have any questions about this advisory, please contact Palo Alto Networks Support Team at support.paloaltonetworks.com.

 

Thank you,

Palo Alto Networks Product Security Incident Response Team

Ask Questions Get Answers Join the Live Community
Version history
Revision #:
4 of 4
Last update:
2 weeks ago
Updated by:
 
Contributors