...
BugZero updated this defect 288 days ago.
The earliest recollection of this bug is traced back to PAN-OS 8.1.16 - January 09, 2024. This bug is fixed in PAN-OS versions 8.1.16, 9.1.3. A fix was made to address a vulnerability involving information exposure through log files where an administrator's password or other sensitive information was logged in cleartext while using the CLI in PAN-OS software. The opcmdhistory.log file was introduced to track operational command (op-command) usage but did not mask all sensitive information ( CVE-2020-2044 ). For more information: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-16-addressed-issues https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-3-addressed-issues