Security Improvements to CSP Registration Process

Showing results for 
Show  only  | Search instead for 
Did you mean: 
L3 Networker
No ratings

Palo Alto Networks introduced new features in our Customer Support Portal (CSP) that address security concerns related to A security researcher informed us that it was possible to brute-force our user registration process and potentially register an unauthorized individual support account linked to a customer. 


Customers who enabled the requirement of “super-user approvalon their support accounts would have been notified of attempts to create new accounts linked to their respective CSP account. However, we are aware that not all customers have adopted this setting.


Therefore, to mitigate potential brute-forcing, we have added a captcha feature that requires input from the user during the registration process on the CSP.




As an additional security measure, we’ve made the “super-user approval” requirement the default setting within the CSP. We suggest that all customers keep this requirement as the default setting, so they are notified when a new account is created within their CSP account.




Should you have any questions about this advisory, please contact Palo Alto Networks Support Team at


Thank you,

Palo Alto Networks Product Security Incident Response Team

Rate this article:
Register or Sign-in
Article Dashboard
Version history
Last Updated:
‎11-01-2019 10:18 AM
Updated by:
Retired Member