4 matches found
CVE-2023-20123
Cisco Duo for macOS and Duo Authentication for Windows Logon offline Credential replay vulnerability (CVE-2023-20123) allows an unauthenticated, physical attacker to replay previously used MFA codes because session credentials do not expire properly. Affected products include Cisco Duo on macOS a...
CVE-2023-20199
Summary (CVE-2023-20199 – Cisco Duo for macOS): The macOS Duo 2FA client is vulnerable due to incorrect handling of responses when configured to fail open. This allows an authenticated, physical attacker with primary user credentials to bypass the second factor and access the device. The exploit ...
CVE-2022-20662
Cisco Duo for macOS contains an authentication bypass in smart card login. The issue arises because the assigned user of a PIV smart card is not correctly bound to the authenticating user, allowing an unauthenticated, physically proximate attacker to configure a smart card login to bypass Duo aut...
CVE-2025-20258
CVE-2025-20258 affects Cisco Duo Self-Service Portal. A vulnerability due to insufficient input validation allows unauthenticated remote attackers to inject arbitrary commands into emails sent by the service, potentially delivering emails with malicious content to users. The issue is described in...