Product Security Advisories
-
DUO-PSA-2021-001: Duo Product Security Advisory
Duo Security has fixed an issue that could have allowed an attacker with primary credentials of another user to bypass
-
DUO-PSA-2020-004: Duo Product Security Advisory
Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates
-
DUO-PSA-2020-003: Duo Product Security Advisory
Duo has identified and fixed an issue in the DuoConnect client that allows end-users to choose insecure configurations.
-
DUO-PSA-2020-002: Duo Product Security Advisory
Duo Engineering has identified and fixed an issue with directory sync for on-premises Microsoft Active Directory, OpenLDAP, and
-
DUO-PSA-2020-001: Duo Product Security Advisory
Duo has identified and fixed an issue with Directory Sync where enrollment emails were sent to users regardless of whether the
-
DUO-PSA-2019-002: Duo Product Security Advisory
In 2019 a third-party software library, which Duo Access Gateway (DAG) used, contained a vulnerability; version 1.5.10 of DAG
-
DUO-PSA-2019-001: Duo Product Security Advisory
In 2019 a Duo customer identified an issue with Duo Authentication for Windows Logon where a system configured to fail securely
-
DUO-PSA-2018-004: Duo Product Security Advisory
Duo has identified and fixed an issue with the Duo Access Gateway (DAG). This issue could have allowed for data exposure on the
-
DUO-PSA-2018-003: Duo Product Security Advisory
Duo has identified and fixed an issue with our documentation for the Duo Authentication Proxy integration with VMware Horizon
-
DUO-PSA-2018-002: Duo Product Security Advisory
Duo has identified and fixed an issue with the Duo administrative panel. This issue could have allowed for a second-factor bypass
-
DUO-PSA-2018-001: Duo Product Security Advisory
Duo has identified and fixed an issue with our public documentation on the Duo Unix integration. The suggested Pluggable
-
DUO-PSA-2017-003: Duo Product Security Advisory
In 2017 we identified a security flaw in a third-party library used in the Duo Network Gateway (DNG) that could have allowed for a
-
DUO-PSA-2017-002: Duo Product Security Advisory
In 2017 we identified an issue in duo_unix that, under certain uncommon configurations, could have enabled attackers to bypass
-
DUO-PSA-2017-001: Duo Product Security Advisory
Duo has identified and fixed an issue in our cloud service which, under certain configurations, could have enabled attackers who
-
DUO-PSA-2016-002: Duo Product Security Advisory
In 2016, we identified 1 issue in Duo Authentication Proxy that, under uncommon configurations, could've enabled attackers to
-
DUO-PSA-2016-001: Duo Product Security Advisory
Check out 2016's identified issues in the Duo Authentication Proxy that could have enabled attackers to partially or fully bypass
-
DUO-PSA-2015-003: Duo Product Security Advisory
Duo Security has identified an issue which, under certain configurations, could have enabled attackers to bypass second-factor
-
DUO-PSA-2015-002: Duo Product Security Advisory
Duo Security has identified an issue in recent versions of Duo Mobile for iOS that could allow attackers to perform a successful
-
DUO-PSA-2015-001: Duo Product Security Advisory
Duo Security has identified an issue in certain versions of the Duo Web SDK that could allow attackers to bypass primary and
-
DUO-PSA-2014-008: Duo Product Security Advisory
Duo Security has identified an issue in the iOS Duo Mobile app that may allow credentials to be backed up in an encrypted form to
-
DUO-PSA-2014-007: Duo Product Security Advisory
Duo Security has identified an issue that may allow local users to bypass second factor authentication when using the pam_duo
-
DUO-PSA-2014-006: Duo Product Security Advisory
Duo Security has identified an issue in which it may be possible for users to perform certain actions without completing
-
DUO-PSA-2014-005: Duo Product Security Advisory
Duo Security has identified an issue in its Credential-Provider based Remote Desktop Protocol (RDP) integrations (e.g. those
-
DUO-PSA-2014-004: Duo Product Security Advisory
Duo Security has identified an issue in which it is possible to bypass second factor authentication of multisite WordPress
-
DUO-PSA-2014-003: Duo Product Security Advisory
Duo Security has identified an issue in which it is possible to bypass second factor authentication of Remote Desktop Protocol
-
DUO-PSA-2014-002: Duo Product Security Advisory
Duo Security has identified an issue in which it is possible to bypass second factor authentication of Remote Desktop Web Access
-
DUO-PSA-2014-001: Duo Product Security Advisory
Older versions of the Duo Security Outlook Web Access (OWA) integration may be vulnerable to a bypass of the second authentication