70 matches found
CVE-2025-20345
Cisco Duo Authentication Proxy is affected by a vulnerability in its debug logging function. The root cause is insufficient masking of sensitive information before it is written to system logs, allowing an authenticated, high-privileged attacker to view restricted data by accessing logs. The CVSS...
Cisco Duo Authentication Proxy Information Disclosure Vulnerability
A vulnerability in the debug logging function of Cisco Duo Authentication Proxy could allow an authenticated, high-privileged, remote attacker to view sensitive information in a system log file. This vulnerability is due to insufficient masking of sensitive information before it is written to...
Cisco Duo Authentication Proxy Information Disclosure Vulnerability
Cisco Duo Authentication Proxy is a local security service from Cisco. An information disclosure vulnerability exists in Cisco Duo Authentication Proxy, which stems from insufficient masking of sensitive information in the system log file, which could lead to an elevated privilege user viewing...
PT-2025-34117 · Cisco · Cisco Duo Authentication Proxy
Name of the Vulnerable Software and Affected Versions: Cisco Duo Authentication Proxy (affected versions not specified). Description: A vulnerability in the debug logging function could allow an authenticated, high-privileged, remote attacker to access sensitive information in a system log file. Thi...
CVE-2025-20222
A vulnerability in the RADIUS proxy feature for the IPsec VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This...
CVE-2023-20207
A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this...
CVE-2013-1150
The authentication-proxy implementation on Cisco Adaptive Security Appliances (ASA) devices with software 7.x before 7.25.10, 8.0 before 8.05.31, 8.1 and 8.2 before 8.25.38, 8.3 before 8.32.37, 8.4 before 8.45.3, 8.5 and 8.6 before 8.61.10, 8.7 before 8.71.4, 9.0 before 9.01.1, and 9.1 before 9.11....
CVE-2024-55886 OpenTelemetry Logs source may lack authentication with some custom plugins
OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data Prepper starting in version 2.1.0 and prior to version 2.10.2 where some custom authentication...
Fedora 38 : grafana (2022-8e5d214237)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-8e5d214237 advisory. Automatic update for grafana-9.0.9-1.fc38. Changelog Wed Sep 21 2022 Andreas Gerstmayr 9.0.9-1 - update to 9.0.9 tagged upstream community sources, see...
The vulnerability of the Grafana monitoring and surveillance platform, related to bypassing authentication through spearphishing, allows attackers to gain unauthorized access to information and compromise its integrity and availability.
The vulnerability of the Grafana monitoring and observation platform is related to the escalation of privileges from the administrator to another administrator when using an authentication proxy server. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized...
BIT-GRAFANA-2022-35957 Authentication Bypass in Grafana via auth proxy allowing escalation from admin to server admin
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All...
PT-2023-33005 · Unknown · Email OAuth 2.0 Proxy
Name of the Vulnerable Software and Affected Versions: Email OAuth 2.0 Proxy versions 2022-09-05 through 2023-12-18. Description: The issue allows an attacker to gain access to an account by renewing expired OAuth 2.0 client credentials grant flow authorization tokens without checking their validi...
Cisco Duo Authentication Proxy Installed (Linux)
Binary data ciscoduoauthproxynixinstalled.nbin...
Cisco Duo Authentication Proxy Installed (Windows)
Binary data ciscoduoauthproxywininstalled.nbin...
CVE-2023-20207
A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this...
Design/Logic Flaw
A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this...
CVE-2023-20207
A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this...
CVE-2023-20207
CVE-2023-20207 affects Cisco Duo Authentication Proxy. The issue is in the logging component, where certain unencrypted credentials are stored, allowing an authenticated, remote attacker to view sensitive information in clear text by accessing logs. Impact is sensitive data disclosure (credential...
PT-2022-6728 · Cisco · Cisco Duo Authentication Proxy
Name of the Vulnerable Software and Affected Versions: Cisco Duo Authentication Proxy (affected versions not specified). Description: A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text o...
Design/Logic Flaw
Grafana is an open-source platform for monitoring and observability. Versions prior to 9.1.6 and 8.5.13 are vulnerable to an escalation from admin to server admin when auth proxy is used, allowing an admin to take over the server admin account and gain full control of the grafana instance. All...