CVE-2022-0021: 
Palo Alto Networks GlobalProtect Agent vulnerability analysis and mitigation

An information exposure through log file vulnerability (CVE-2022-0021) exists in the Palo Alto Networks GlobalProtect app on Windows that logs cleartext credentials of connecting users when authenticating using the Connect Before Logon feature. The vulnerability was discovered internally by Rutger Truyers of Palo Alto Networks and was disclosed on February 9, 2022. This issue specifically impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows and does not affect the GlobalProtect app on other platforms (Palo Alto).

The vulnerability has been assigned a CVSSv3.1 Base Score of 3.3 (LOW) with the following metrics: Attack Vector: LOCAL, Attack Complexity: LOW, Privileges Required: LOW, User Interaction: NONE, Scope: UNCHANGED, Confidentiality Impact: LOW, Integrity Impact: NONE, Availability Impact: NONE. The vulnerability is classified as CWE-532 (Information Exposure Through Log Files). The issue only affects systems configured to use the GlobalProtect Connect Before Logon feature (Palo Alto).

The vulnerability allows exposure of cleartext credentials of GlobalProtect users when they authenticate using the Connect Before Logon feature. This could potentially lead to unauthorized access if the log files are compromised (Palo Alto).

The vulnerability has been fixed in GlobalProtect app version 5.2.9 on Windows and all later GlobalProtect app versions. There are no known workarounds for this issue (Palo Alto).