
Palo Alto Networks error exposed customer support cases, attachments
2022-03-31 13:00

EXCLUSIVE: A bug in the support dashboard of Palo Alto Networks exposed thousands of customer support tickets to an unauthorized individual, BleepingComputer has learned.

The exposed information included names and contact information of the person creating support tickets, and conversations between Palo Alto Networks staff members and the customer.

A misconfiguration in the support system of Palo Alto Networks allowed sensitive information disclosure, letting a customer access private support tickets from other companies.

Some of these support cases had file attachments such as firewall logs, configuration dumps, network security group layouts, images of error messages, and similar internal files shared by customers with Palo Alto Networks for troubleshooting purposes.

"However, to my surprise, when I logged in to the support portal, I was able to see not only the support cases I raised, but also ~1990 support cases under 'My Company's Cases' tab," further explains the user.

"We were notified of an issue that allowed an authorized customer to view a small subset of support cases, which they typically would not be able to view," a Palo Alto Networks spokesperson told BleepingComputer.


News URL

https://www.bleepingcomputer.com/news/security/palo-alto-networks-error-exposed-customer-support-cases-attachments/