FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

duo -- Two-factor authentication bypass

Affected packages
duo < 1.9.21

Details

VuXML ID 738e8ae1-46dd-11e7-a539-0050569f7e80
Discovery 2017-05-19
Entry 2017-06-01

The duo security team reports:

An untrusted user may be able to set the http_proxy variable to an invalid address. If this happens, this will trigger the configured 'failmode' behavior, which defaults to safe. Safe mode causes the authentication to report a success.

[source]

References

URL https://duo.com/labs/psa/duo-psa-2017-002

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.