About PankajDhobe

PankajDhobe

For vulnerability 1) SNMP Agent Default Community Name (public) port - UDP 161 2) SNMP 'GETBULK' Reflection DDoS Port - UDP 161 We have to disable SNMP on WF-500, which have been detected by VAPT. Please, share the article or steps how to disable SNMP, if it is enabled on WF- 500.

PankajDhobe

Can we configure captive portal for windows machine in Palo alto which are in domain? Customer do not want SSO authentication on Palo alto for machine which are in domain, while going to internet. He want captive for traffic going to internet. He want windows machine login authentication via AD, but he want captive portal for Palo Alto for AD users, too. Is it possible to configure? Please reply.

PankajDhobe

As per the below mention snap-shot, we observed user id get changed with AD user and we have allowed the internet access to local user id which is configured in Palo Alto. Due to issue user facing internet issue. We have not configure this user in AD domain, then how user id gets change in the Palo Alto automatically ? While authenticating via AD traffic is going via cleanup rule. What should be done, so traffic will authenticate locally? Sometimes machine authenticated locally sometime by AD though machine is not in domain

PankajDhobe · ‎12-14-2020

We have done VAPT on our Global protect URL link and identified 3 VA, Kindly check and help resolving this at earliest. 1) Absence of CSRF tokens :- No Anti-CSRF tokens were found in a HTML submission form. A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge or intent in order to perform an action as the victim. The underlying cause is application functionality using predictable URL/form actions in a repeatable way. The nature of the attack is that CSRF exploits the trust that a web site has for a user. By contrast, cross-site scripting (XSS) exploits the trust that a user has for a web site. Like XSS, CSRF attacks are not necessarily cross-site, but they can be. Cross-site request forgery is also known as CSRF, XSRF, one-click attack, session riding, confused deputy, and sea surf. 2) Missing secure Flag Attributes in the Encrypted Session (SSL) Cookie:- The Session Cookie Does Not Have "Secure" Attribute.The Secure Attribute Tells The Browser To Only Use This Cookie Via Secure/Encrypted Connections. This measure makes certain client-side attacks, such as cross-site scripting, slightly harder to exploit by preventing them from trivially capturing the cookie's value via an injected script. 3) Referrer-Policy Header is not implemented:- It was observed that, Referrer-policy is not implemented in response header. Referrer-Policy is a security header designed to prevent cross-domain referrer leakage. Also, VAPT team has provided following links for 3 vulnerabilities 1) http://projects.webappsec.org/Cross-Site-Request-Forgery http://cwe.mitre.org/data/definitions/352.html 2) https://www.paladion.net/blogs/cookie-attributes-and-their-importance https://www.maravis.com/protecting-web-application-cookies-by-restricting-scope/ 3) https://scotthelme.co.uk/a-new-security-header-referrer-policy/

Date Registered	‎08-22-2020 08:26 AM
Date Last Visited	3 hours ago
Total Messages Posted	4

Online Status	Online
Date Last Visited	3 hours ago

About PankajDhobe

Need to disable SNMP setting from WF-500 private cloud

Can we configure captive portal for windows machine in palo alto which are in domain?

Local user Identification issue

Check and help resolving VAPT reported issues Global Protect SSL VPN Url

Re: Local user Identification issue

Need to disable SNMP setting from WF-500 private cloud

Can we configure captive portal for windows machine in palo alto which are in domain?

Local user Identification issue

Check and help resolving VAPT reported issues Global Protect SSL VPN Url

Strata

Prisma

Cortex

About PankajDhobe