The GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.17, 7.x before 7.0.15, 7.1.x before 7.1.9, and 8.x before 8.0.2 provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate account names and conduct brute-force attacks via a series of requests, aka PAN-SA-2017-0014 and PAN-72769.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
Link | Providers |
---|---|
https://security.paloaltonetworks.com/CVE-2017-7945 |
![]() ![]() |
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T16:19:29.301Z
Reserved: 2017-04-18T00:00:00
Link: CVE-2017-7945

No data.

Status : Deferred
Published: 2017-04-29T00:59:00.197
Modified: 2025-04-20T01:37:25.860
Link: CVE-2017-7945

No data.

No data.