By Ionut Ilascu on October 21st, 2014

A wrong configuration of the User-ID control module in Palo Alto Networks' enterprise firewalls could lead to user credentials falling into the hands of an attacker, who can access customer services from an external network.
The issue arises because the User-ID feature is supposed to be limited to internal resources that are trusted in the organization, but some users enable it on external/untrusted zones.
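A configuration audit for the condition described above, as an added example that is not from the article or from Palo Alto Networks. It assumes an exported configuration in XML where each zone entry carries an `enable-user-identification` element; the sample config, the zone names and the trusted-zone list are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an exported firewall config (not from the article).
# The element layout is an assumption about the export format.
SAMPLE_CONFIG = """
<config><devices><entry name="localhost.localdomain"><vsys><entry name="vsys1">
  <zone>
    <entry name="trust">
      <network><layer3><member>ethernet1/2</member></layer3></network>
      <enable-user-identification>yes</enable-user-identification>
    </entry>
    <entry name="untrust">
      <network><layer3><member>ethernet1/1</member></layer3></network>
      <enable-user-identification>yes</enable-user-identification>
    </entry>
    <entry name="dmz">
      <network><layer3><member>ethernet1/3</member></layer3></network>
    </entry>
  </zone>
</entry></vsys></entry></devices></config>
"""


def zones_with_user_id(config_xml):
    """Return {zone_name: [interfaces]} for every zone with User-ID enabled."""
    root = ET.fromstring(config_xml)
    enabled = {}
    for entry in root.findall(".//vsys/entry/zone/entry"):
        # A missing element is treated as disabled.
        flag = entry.findtext("enable-user-identification", default="no")
        if flag.strip().lower() == "yes":
            members = [m.text for m in entry.findall("./network//member")]
            enabled[entry.get("name")] = members
    return enabled


def audit(config_xml, trusted_zones):
    """Flag zones where User-ID is on but the zone is not on the trusted list."""
    found = zones_with_user_id(config_xml)
    return {name: ifaces for name, ifaces in found.items()
            if name not in trusted_zones}


if __name__ == "__main__":
    # The trusted list is supplied by the operator; "trust" is a constructed name.
    for name, ifaces in audit(SAMPLE_CONFIG, {"trust"}).items():
        print(f"User-ID enabled on non-trusted zone {name!r}, interfaces {ifaces}")
```

The trusted-zone list is the operator's own statement of which zones are internal, so any zone the script reports is one where User-ID is on without that decision having been made explicitly.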