2 matches found
CVE-2020-3442
The CVE-2020-3442 entry describes DuoConnect tokens that authenticate SSH sessions via a DNG. If the -relay argument begins with http://, authentication tokens may be transmitted over an insecure HTTP connection, exposing them to network sniffing during the initial login or when reusing an existi...
CVE-2020-3442 DuoConnect SSH Connection Vulnerability
The DuoConnect client enables users to establish SSH connections to hosts protected by a DNG instance. When a user initiates an SSH connection to a DNG-protected host for the first time using DuoConnect, the user’s browser is opened to a login screen in order to complete authentication determined...