Major sellers extend the weaknesses authentication and design defects
Research highlighted significant weaknesses in Czech Point, ZSCAler and Netskope that fell into three primary categories: authentication bypass, credential storage failures and cross-tenant exploitation.
Certification bypass vulnerability
The most severe certification in the SAML implementation of Zscler was the defect. Researchers found that the SAML claim was signed only for appearance, and it was not valid against the public key of the identity provider. This allowed a complete bypass of identification provider authentication by creating SAML reactions with invalid signatures.
Netscope was uniform but suffering from more original bypass. The enrollment API did not require any authentication, allowing the attackers to register equipment only using leaked organizations and valid email addresses.
The vulnerability of a check point focused on the hard-coded encryption keys embedded in client binergies. These keys protected the diagnostic log upload containing JSON web tokens (JWTS), creating a possible compromise landscape for any customer for 30 days, which uploaded the log for support.
Credential Storage and Token Management Falls
All three vendors implemented weak credentials storage mechanisms. In a clear text in the ZSCAler stored device token certification credentials in Windows Registry, local attackers allow the registry values to allow any user to extract and replicate tokens. The “safe enrollment” token of the Netscope used DPAPI encryption with insufficient security.
Seller reaction and treatment
Seller reactions vary greatly in speed and effectiveness. According to the researchers, Zscaler responded the fastest, initially patching his Saml vulnerability (CVE-2025-54982) within four hours. However, Fix introduced compatibility issues requiring a rollback before a permanent solution was implemented.
