Product Security Advisories

RSS Feed

Starting October 31, 2021 future Duo PSAs will be found here: https://tools.cisco.com/security/center/publicationListing.x

DUO-PSA-2021-001: Duo Product Security Advisory

Duo Security has fixed an issue that could have allowed an attacker with primary credentials of another user to bypass...
DUO-PSA-2020-004: Duo Product Security Advisory

Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL...
DUO-PSA-2020-003: Duo Product Security Advisory

Duo has identified and fixed an issue in the DuoConnect client that allows end-users to choose insecure configurations.
DUO-PSA-2020-002: Duo Product Security Advisory

Duo Engineering has identified and fixed an issue with directory sync for on-premises Microsoft Active Directory, OpenLDAP, and...
DUO-PSA-2020-001: Duo Product Security Advisory

Duo has identified and fixed an issue with Directory Sync where enrollment emails were sent to users regardless of whether the...
DUO-PSA-2019-002: Duo Product Security Advisory

In 2019 a third-party software library, which Duo Access Gateway (DAG) used, contained a vulnerability; version 1.5.10 of DAG...
DUO-PSA-2019-001: Duo Product Security Advisory

In 2019 a Duo customer identified an issue with Duo Authentication for Windows Logon where a system configured to fail securely...
DUO-PSA-2018-004: Duo Product Security Advisory

Duo has identified and fixed an issue with the Duo Access Gateway (DAG). This issue could have allowed for data exposure on the...
DUO-PSA-2018-003: Duo Product Security Advisory

Duo has identified and fixed an issue with our documentation for the Duo Authentication Proxy integration with VMware Horizon...
DUO-PSA-2018-002: Duo Product Security Advisory

Duo has identified and fixed an issue with the Duo administrative panel. This issue could have allowed for a second-factor...
DUO-PSA-2018-001: Duo Product Security Advisory

Duo has identified and fixed an issue with our public documentation on the Duo Unix integration. The suggested Pluggable...
DUO-PSA-2017-003: Duo Product Security Advisory

In 2017 we identified a security flaw in a third-party library used in the Duo Network Gateway (DNG) that could have allowed...
DUO-PSA-2017-002: Duo Product Security Advisory

In 2017 we identified an issue in duo_unix that, under certain uncommon configurations, could have enabled attackers to bypass...
DUO-PSA-2017-001: Duo Product Security Advisory

Duo has identified and fixed an issue in our cloud service which, under certain configurations, could have enabled attackers...
DUO-PSA-2016-002: Duo Product Security Advisory

In 2016, we identified 1 issue in Duo Authentication Proxy that, under uncommon configurations, could've enabled attackers to...
DUO-PSA-2016-001: Duo Product Security Advisory

Check out 2016's identified issues in the Duo Authentication Proxy that could have enabled attackers to partially or fully...
DUO-PSA-2015-003: Duo Product Security Advisory

Duo Security has identified an issue which, under certain configurations, could have enabled attackers to bypass second-factor...
DUO-PSA-2015-002: Duo Product Security Advisory

Duo Security has identified an issue in recent versions of Duo Mobile for iOS that could allow attackers to perform a...
DUO-PSA-2015-001: Duo Product Security Advisory

Duo Security has identified an issue in certain versions of the Duo Web SDK that could allow attackers to bypass primary and...
DUO-PSA-2014-008: Duo Product Security Advisory

Duo Security has identified an issue in the iOS Duo Mobile app that may allow credentials to be backed up in an encrypted form...
DUO-PSA-2014-007: Duo Product Security Advisory

Duo Security has identified an issue that may allow local users to bypass second factor authentication when using the pam_duo...
DUO-PSA-2014-006: Duo Product Security Advisory

Duo Security has identified an issue in which it may be possible for users to perform certain actions without completing...
DUO-PSA-2014-005: Duo Product Security Advisory

Duo Security has identified an issue in its Credential-Provider based Remote Desktop Protocol (RDP) integrations (e.g. those...
DUO-PSA-2014-004: Duo Product Security Advisory

Duo Security has identified an issue in which it is possible to bypass second factor authentication of multisite WordPress...
DUO-PSA-2014-003: Duo Product Security Advisory

Duo Security has identified an issue in which it is possible to bypass second factor authentication of Remote Desktop Protocol...
DUO-PSA-2014-002: Duo Product Security Advisory

Duo Security has identified an issue in which it is possible to bypass second factor authentication of Remote Desktop Web...
DUO-PSA-2014-001: Duo Product Security Advisory

Older versions of the Duo Security Outlook Web Access (OWA) integration may be vulnerable to a bypass of the second...

By Industry

Government Solutions

Use Cases

Support for Administrators

Support for Duo End Users

Expert Advice

Additional Topics

Popular Topics

Docs for Duo Editions

Integrations