14 matches found
EUVD-2018-19072
Malware in sbrugna...
EUVD-2020-24754
Malware in sbrugna...
CVE-2018-7340
Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...
CVE-2020-3483
Duo has identified and fixed an issue with the Duo Network Gateway DNG product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG...
CVE-2020-3483
Duo has identified and fixed an issue with the Duo Network Gateway DNG product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG...
Code injection
Duo has identified and fixed an issue with the Duo Network Gateway DNG product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG...
CVE-2020-3483 Duo Network Gateway (DNG) Information Disclosure Vulnerability
Duo has identified and fixed an issue with the Duo Network Gateway DNG product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to local files on the DNG...
Cisco DuoConnect Authentication Vulnerability
Cisco DuoConnect is a two-factor authentication solution from Cisco USA. A security vulnerability exists in Cisco DuoConnect versions prior to 1.1.1, which stems from the fact that when DuoConnect is configured as 'http://', under certain circumstances, the program sends authentication tokens ove...
Authentication flaw
Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authenticatio...
CVE-2018-7340
Duo Network Gateway (DNG) 1.2.9 and earlier is affected by CVE-2018-7340 due to incorrect handling of XML DOM traversal and canonicalization in the python-saml library, which can allow an attacker to modify SAML data without invalidating the signature and potentially bypass authentication to SAML...
Duo Network Gateway Authentication Bypass Vulnerability
Duo Network Gateway DNG is an access control software for accessing internal Web applications from Duo Corporation in the United States. An authentication bypass vulnerability exists in DNG. A remote attacker could use this vulnerability to bypass the authentication mechanism and perform...
DUO-PSA-2017-003: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2017-003 Publication Date: 2018-02-27 Revision Date: 2018-02-27 Status: Confirmed, Fixed Document Revision: 1 Overview Duo Security has identified a security flaw in a third-party library used in the Duo Network Gateway DNG which, under certain...
DUO-PSA-2017-003: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2017-003 Publication Date: 2018-02-27 Revision Date: 2018-02-27 Status: Confirmed, Fixed Document Revision: 1 Overview Duo Security has identified a security flaw in a third-party library used in the Duo Network Gateway DNG which, under certain...
DUO-PSA-2020-004: Duo Product Security Advisory
Duo Product Security Advisory Advisory ID: DUO-PSA-2020-004 CVE: CVE-2020-3483 Publication Date: 2020-08-13 Revision Date: 2020-08-13 Status: Confirmed, Fixed Document Revision: 1 Overview Duo has identified and fixed an issue with the Duo Network Gateway DNG product in which some customer-provid...