In a recent study, major vulnerabilities were uncovered in leading security vendors including Check Point, Zscaler, and Netskope. These vulnerabilities were primarily categorized as authentication bypasses, credential storage failures, and cross-tenant exploitation.
One of the most severe vulnerabilities found was in Zscaler’s SAML implementation, where the signature on the SAML assertion was not properly validated against the identity provider’s public key, allowing attackers to forge SAML responses with invalid signatures to bypass authentication. Netskope also had a fundamental bypass flaw, as their enrollment API required no authentication, enabling attackers to register devices using leaked organization keys and valid email addresses. Check Point’s vulnerability centered around hard-coded encryption keys in client binaries, potentially compromising any customer who had uploaded logs to support.
Furthermore, all three vendors exhibited weak credential storage mechanisms. For example, Zscaler stored Device Token Authentication credentials in clear text in the Windows registry, while Netskope used insufficient protection for their “Secure Enrollment” tokens. These flaws left room for local attackers to extract tokens and impersonate users.
In response to these vulnerabilities, the vendors varied in their speed and effectiveness of patching. Zscaler responded swiftly by patching their SAML vulnerability within four hours, although the initial fix caused compatibility issues that required a rollback before a permanent solution was implemented.
In conclusion, these major vulnerabilities highlight the importance of robust security measures and prompt responses from vendors to protect against potential exploitation and breaches. It is crucial for organizations to stay vigilant and prioritize security to safeguard their systems and sensitive data.
