Product Security Advisories
Starting October 31, 2021, future Duo PSAs will be found here: https://tools.cisco.com/security/center/publicationListing.x
DUO-PSA-2021-001: Duo Product Security Advisory
Duo Security has fixed an issue that could have allowed an attacker with primary credentials of another user to bypass second-factor authentication for that user.
DUO-PSA-2020-004: Duo Product Security Advisory
Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging.
DUO-PSA-2020-003: Duo Product Security Advisory
Duo has identified and fixed an issue in the Duo Connect client that allows end-users to choose insecure configurations.
DUO-PSA-2020-002: Duo Product Security Advisory
Duo Engineering has identified and fixed an issue with directory sync for on-premises Microsoft Active Directory, OpenLDAP, and Microsoft Entra ID related to access rights of fully authenticated users.
DUO-PSA-2020-001: Duo Product Security Advisory
Duo has identified and fixed an issue with Directory Sync where enrollment emails were sent to users regardless of whether the “Send enrollment emails to sync users” checkbox was checked in the Admin Panel.
DUO-PSA-2019-002: Duo Product Security Advisory
In 2019 a third-party software library, which Duo Access Gateway (DAG) used, contained a vulnerability; version 1.5.10 of DAG.
DUO-PSA-2019-001: Duo Product Security Advisory
In 2019 a Duo customer identified an issue with Duo Authentication for Windows Logon where a system configured to fail securely.
DUO-PSA-2018-004: Duo Product Security Advisory
Duo has identified and fixed an issue with the Duo Access Gateway (DAG).
DUO-PSA-2018-003: Duo Product Security Advisory
Duo has identified and fixed an issue with our documentation for the Duo Authentication Proxy integration with VMware Horizon.
DUO-PSA-2018-002: Duo Product Security Advisory
Duo has identified and fixed an issue with the Duo administrative panel. This issue could have allowed for a second-factor bypass.
DUO-PSA-2018-001: Duo Product Security Advisory
Duo has identified and fixed an issue with our public documentation on the Duo Unix integration.
DUO-PSA-2017-003: Duo Product Security Advisory
In 2017 we identified a security flaw in a third-party library used in the Duo Network Gateway (DNG) that could have allowed for a SAML authentication bypass.
DUO-PSA-2017-002: Duo Product Security Advisory
In 2017 we identified an issue in duo_unix that, under certain uncommon configurations, could have enabled attackers to bypass.
DUO-PSA-2017-001: Duo Product Security Advisory
Duo has identified and fixed an issue in our cloud service which, under certain configurations, could have enabled attackers who have separately compromised a user's primary credentials to add additional unauthorized second-factor authentication devices.
DUO-PSA-2016-002: Duo Product Security Advisory
In 2016, we identified 1 issue in Duo Authentication Proxy that, under uncommon configurations, could’ve enabled attackers to bypass two-factor authentication.
DUO-PSA-2016-001: Duo Product Security Advisory
Check out 2016's identified issues in the Duo Authentication Proxy that could have enabled attackers to partially or fully bypass.
DUO-PSA-2015-003: Duo Product Security Advisory
Duo Security has identified an issue which, under certain configurations, could have enabled attackers to bypass second-factor authentication.
DUO-PSA-2015-002: Duo Product Security Advisory
Duo Security has identified an issue in recent versions of Duo Mobile for iOS that could allow attackers to perform a successful Man-in-the-Middle (MITM) attack.
DUO-PSA-2015-001: Duo Product Security Advisory
Duo Security has identified an issue in certain versions of the Duo Web SDK that could allow attackers to bypass primary and secondary authentication.
DUO-PSA-2014-008: Duo Product Security Advisory
Duo Security has identified an issue in the iOS Duo Mobile app that may allow credentials to be backed up in an encrypted form to a user's local machine via iTunes.
DUO-PSA-2014-004: Duo Product Security Advisory
Duo Security has identified an issue in which it is possible to bypass second factor authentication of multisite WordPress deployments which use the Duo WordPress plugin (prior to version 2.0).
DUO-PSA-2014-003: Duo Product Security Advisory
Duo Security has identified an issue in which it is possible to bypass second factor authentication of Remote Desktop Protocol (RDP) integrations which are GINA-based (e.g. those installed on Windows XP/Server 2003).
DUO-PSA-2014-002: Duo Product Security Advisory
Duo Security has identified an issue in which it is possible to bypass second factor authentication of Remote Desktop Web Access.
DUO-PSA-2014-001: Duo Product Security Advisory
Older versions of the Duo Security Outlook Web Access (OWA) integration may be vulnerable to a bypass of the second authentication factor.