34 changes: 33 additions & 1 deletion src/pentesting-web/hacking-with-cookies/README.md
Expand Up @@ -449,7 +449,36 @@ public class App {
}
```

</details>context (e.g., server-side session with random ID, or add anti-replay properties).
</details>

Mitigation: do not mint authentication cookies by encrypting predictable identifiers with a reusable key. Prefer server-side sessions or authenticated encryption/signatures with anti-replay properties.

### Public-key cookie forgery when decryption is treated as authentication

Some products misuse asymmetric crypto for bearer cookies: they **encrypt** cookie contents with a certificate-related keypair and later treat **successful private-key decryption** as proof the cookie is authentic. If the plaintext is not protected with a **signature, MAC, or AEAD tag**, anyone who knows the **public key** can forge arbitrary cookies offline.

Typical exploitation pattern:

- Identify which cookie or POST parameter carries the auth blob.
- Check whether the server exposes the matching public key via **TLS certificate reuse**, **JWKS**, a downloadable certificate, or any other public trust store.
- Recreate the expected plaintext structure (user, role/domain, host ID, client OS/IP, timestamp, lifetime, etc.).
- Encrypt it with each candidate **public key**, encode it as expected, and replay it. If the server only checks that decryption succeeds and the fields parse, authentication is bypassed.

**GlobalProtect authentication override** is a practical example of this anti-pattern. When **authentication override cookies** are enabled, the portal/gateway accepts `portal-userauthcookie` or `portal-prelogonuserauthcookie` in a POST to `/ssl-vpn/login.esp`. If the certificate used for cookie encryption/decryption is also reused by the externally exposed HTTPS service, an unauthenticated attacker can retrieve the certificate chain over TLS, forge a cookie for any chosen identity, and submit it directly to the portal/gateway.

Quick testing ideas:

```bash
openssl s_client -connect <target>:443 -showcerts </dev/null
python3 forge_cookie.py --target <target> --context both --user admin
```

Hunting ideas for this class of bug:

- Token/cookie-based logins to **local or privileged accounts** without a normal credential login immediately beforehand.
- Auth logs where the method is explicitly **`Cookie`**, **token**, **remember-me**, or similar.
- Reused or clearly fake client identifiers (hostname, MAC, device ID), especially across many targets.
- Successes after several malformed/failed cookie attempts, or cookie-auth success without the usual full session creation flow.

## References

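Review bot: the `forge_cookie.py` invocation in the "Quick testing ideas" block is never introduced anywhere in this README; its flags (`--target`, `--context both`, `--user`) appear to belong to the Rapid7 PoC listed in the references, so either say so inline (e.g. "using the Rapid7 PoC script") or link the script next to the command, otherwise readers will look for a file that does not exist in the repo. Two smaller points in the same hunk: the GlobalProtect paragraph explains the precondition (cookie-encryption certificate reused by the externally exposed HTTPS service) but gives no product-specific mitigation, while the generic "Mitigation:" line above only covers the symmetric-key case; a sentence such as "disable authentication override cookies, or at minimum stop reusing the externally served TLS certificate for cookie encryption" would round it out. Also, at the top of the hunk the diff shows `</details>` running straight into the "context (e.g., server-side session ...)" sentence, followed by a second `</details>` line; please confirm the closing tag is not duplicated and that the sentence fragment still reads as a complete sentence in the rendered page.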
Expand All @@ -462,6 +491,9 @@ public class App {
- [https://blog.sicuranext.com/vtenext-25-02-a-three-way-path-to-rce/](https://blog.sicuranext.com/vtenext-25-02-a-three-way-path-to-rce/)
- [Cookie Chaos: How to bypass __Host and __Secure cookie prefixes](https://portswigger.net/research/cookie-chaos-how-to-bypass-host-and-secure-cookie-prefixes)
- [Burp Custom Action – CookiePrefixBypass.bambda](https://github.com/PortSwigger/bambdas/blob/main/CustomAction/CookiePrefixBypass.bambda)
- [Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)](https://www.rapid7.com/blog/post/etr-rapid7-observed-exploitation-of-pan-os-globalprotect-authentication-bypass-vulnerability-cve-2026-0257)
- [Palo Alto Networks advisory: CVE-2026-0257 PAN-OS: GlobalProtect Authentication Bypass Vulnerabilities](https://security.paloaltonetworks.com/CVE-2026-0257)
- [Rapid7 PoC for CVE-2026-0257](https://github.com/sfewer-r7/CVE-2026-0257)

{{#include ../../banners/hacktricks-training.md}}
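Review bot: the three new references all carry the identifier CVE-2026-0257, but the body text added in the previous hunk never names it, so a reader of the GlobalProtect paragraph cannot connect it to these links; mention the CVE id in the "GlobalProtect authentication override" paragraph (e.g. "tracked as CVE-2026-0257, see references") so the advisory, the Rapid7 write-up and the PoC are discoverable from the text that describes the bug.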