Experts Expose Zero Trust Networking’s Fatal Flaws


Key points

  • Zero Trust Network Access (ZTNA) products from major vendors have been found to contain severe vulnerabilities that attackers can exploit to bypass security controls.
  • Research by AmberWolf has exposed critical vulnerabilities in major ZTNA vendors, including Check Point, Zscaler, and Netskope, which can be used to steal sensitive information and compromise user data.
  • Best practices have been suggested by the researchers to help mitigate the risks associated with ZTNA, including updating clients to the latest versions, activating server-side validated posture checks, and implementing cryptographically secured compliance verification features.

According to sources, a recent study has found severe vulnerabilities in the systems of Zero Trust Network Access (ZTNA) vendors. The research, conducted by UK security researchers from AmberWolf, exposed critical vulnerabilities in major ZTNA vendors, including Check Point, Zscaler, and Netskope. The findings were presented at DEF CON 2025, a major cybersecurity conference.

The researchers found that the ZTNA solutions provided by these vendors contained serious flaws, including authentication bypasses, credential storage failures, and cross-tenant exploitation. These vulnerabilities can be exploited by attackers to bypass security controls and steal sensitive information. For example, Zscaler’s SAML implementation was found to have a severe authentication flaw that allowed attackers to forge authentication tokens and gain unauthorized access to user data.

The researchers also found that the ZTNA solutions relied heavily on client-side security controls and vendor infrastructure integrity, which contradicts the core principles of zero-trust. This means that instead of verifying device and user trustworthiness, these solutions place enormous trust in vendor infrastructure and client-side security controls. As AmberWolf researcher David Cash noted, "Rather than being never trust, always verify, we found it was more, ‘always trust, never verify’."

The researchers have suggested several best practices to help mitigate the risks associated with ZTNA. These include updating clients to the latest versions, activating server-side validated posture checks, and implementing cryptographically secured compliance verification features. Additionally, they recommend monitoring ZTNA logs for suspicious activity, deploying EDR rules to detect sensitive registry access, and enabling DPAPI auditing to detect credential extraction.
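As an added illustration of the "enable DPAPI auditing" recommendation above (this is not code from the article or from AmberWolf), the following PowerShell enables the Windows "DPAPI Activity" audit subcategory and summarises the resulting Security-log events by account. It assumes an elevated session on the endpoint where the ZTNA client runs; the event IDs are Microsoft's documented DPAPI audit events.

```powershell
# Added example, not from the article: turn on DPAPI auditing and review
# who has been touching DPAPI master keys on this endpoint.
# Run in an elevated PowerShell session.

# 1. Enable success and failure auditing for the DPAPI Activity subcategory.
auditpol /set /subcategory:"DPAPI Activity" /success:enable /failure:enable | Out-Null

# 2. Confirm the policy took effect.
auditpol /get /subcategory:"DPAPI Activity"

# 3. Collect DPAPI events from the last 24 hours.
#    4692 = backup of a master key attempted, 4693 = recovery of a master key attempted,
#    4694/4695 = protect/unprotect of auditable data (only blobs protected with the
#    CRYPTPROTECT_AUDIT flag produce these, so most application blobs will not).
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4692, 4693, 4694, 4695
    StartTime = $since
} -ErrorAction SilentlyContinue

# 4. Summarise by event id and triggering account. A master-key recovery (4693)
#    coming from an interactive user rather than the ZTNA client's own service
#    context is the pattern worth a closer look.
$events |
    ForEach-Object {
        $x = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Id      = $_.Id
            Subject = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
            Key     = $data['MasterKeyId']   # present on the master-key events
        }
    } |
    Group-Object Id, Subject |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

Forward the same four event IDs to your SIEM if you want this correlated with the ZTNA client's own logs rather than reviewed per host.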

As the researchers have pointed out, the ZTNA market is a multi-billion dollar industry, and the vulnerabilities found in these solutions have significant implications for users. The findings highlight the need for continuous verification and constant validation of device and user trustworthiness, rather than relying on vendor infrastructure and client-side security controls. As AmberWolf researcher Richard Warren noted, "Rather than zero trust, we’re actually putting a lot of trust into these vendors to process our data securely." The researchers’ findings have significant implications for Microsoft and its Azure platform, which relies heavily on ZTNA solutions to provide secure access to cloud resources. The company will need to take steps to address these vulnerabilities and ensure the security of its users’ data.
