Duo Security

For iOS that could allow attackers to perform a successful DUO-PSA-2015-001: Duo Product Security Advisory Duo Security has identified an issue in certain versions of the Duo Web SDK that could allow attackers to bypass primary and DUO-PSA-2014-008: Duo Product Security Advisory Duo Security has identified an issue in the iOS Duo Mobile app that may allow credentials to be backed up in an encrypted form to DUO-PSA-2014-007: Duo Product Security Advisory Duo Security has identified an issue that may allow local users to bypass second factor authentication when using the pam_duo DUO-PSA-2014-006: Duo Product Security Advisory Duo Security has identified an issue in which it may be possible for users to perform certain actions without completing DUO-PSA-2014-005: Duo Product Security Advisory Duo Security has identified an issue in its Credential-Provider based Remote Desktop Protocol (RDP) integrations (e.g. those DUO-PSA-2014-004: Duo Product Security Advisory Duo Security has identified an issue in which it is possible to bypass second factor authentication of multisite WordPress DUO-PSA-2014-003: Duo Product Security Advisory Duo Security has identified an issue in which it is possible to bypass second factor authentication of Remote Desktop Protocol DUO-PSA-2014-002: Duo Product Security Advisory Duo Security has identified an issue in which it is possible to bypass second factor authentication of Remote Desktop Web Access DUO-PSA-2014-001: Duo Product Security Advisory Older versions of the Duo Security Outlook Web Access (OWA) integration may be vulnerable to a bypass of the second authentication

Starting October 31, 2021 future Duo PSAs will be found here: DUO-PSA-2021-001: Duo Product Security Advisory Duo Security has fixed an issue that could have allowed an attacker with primary credentials of another user to bypass DUO-PSA-2020-004: Duo Product Security Advisory Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates DUO-PSA-2020-003: Duo Product Security Advisory Duo has identified and fixed an issue in the DuoConnect client that allows end-users to choose insecure configurations. DUO-PSA-2020-002: Duo Product Security Advisory Duo Engineering has identified and fixed an issue with directory sync for on-premises Microsoft Active Directory, OpenLDAP, and DUO-PSA-2020-001: Duo Product Security Advisory Duo has identified and fixed an issue with Directory Sync where enrollment emails were sent to users regardless of whether the DUO-PSA-2019-002: Duo Product Security Advisory In 2019 a third-party software library, which Duo Access Gateway (DAG) used, contained a vulnerability; version 1.5.10 of DAG DUO-PSA-2019-001: Duo Product Security Advisory In 2019 a Duo customer identified an issue with Duo Authentication for Windows Logon where a system configured to fail securely DUO-PSA-2018-004: Duo Product Security Advisory Duo has identified and fixed an issue with the Duo Access Gateway (DAG). This issue could have allowed for data exposure on the DUO-PSA-2018-003: Duo Product Security Advisory Duo has identified and fixed an issue with our documentation for the Duo Authentication Proxy integration with VMware Horizon DUO-PSA-2018-002: Duo Product Security Advisory Duo has identified and fixed an issue with the Duo administrative panel. This issue could have allowed for a second-factor bypass DUO-PSA-2018-001: Duo Product Security Advisory Duo has identified and fixed an issue with our public documentation on the Duo Unix integration. The suggested Pluggable DUO-PSA-2017-003: Duo Product Security Advisory In 2017 we identified a security flaw in a third-party library used in the Duo Network Gateway (DNG) that could have allowed for a DUO-PSA-2017-002: Duo Product Security Advisory In 2017 we identified an issue in duo_unix that, under certain uncommon configurations, could have enabled attackers to bypass DUO-PSA-2017-001: Duo Product Security Advisory Duo has identified and fixed an issue in our cloud service which, under certain configurations, could have enabled attackers who DUO-PSA-2016-002: Duo Product Security Advisory In 2016, we identified 1 issue in Duo Authentication Proxy that, under uncommon configurations, could've enabled attackers to DUO-PSA-2016-001: Duo Product Security Advisory Check out 2016's identified issues in the Duo Authentication Proxy that could have enabled attackers to partially or fully bypass DUO-PSA-2015-003: Duo Product Security Advisory Duo Security has identified an issue which, under certain configurations, could have enabled attackers to bypass second-factor DUO-PSA-2015-002: Duo Product Security Advisory Duo Security has identified an issue in recent versions of Duo Mobile

Press Release April 14th, 2015 New secure access platform delivers the industry’s easiest solution to use, deploy and administer Duo Security, a cloud-based access security provider protecting the world’s fastest-growing companies, today announces a new solution, Duo Platform Edition. Duo Platform secures access for all users, applications, and devices. Using patented technology trusted by Facebook, Twitter, Toyota, and many others, Duo Platform gives IT teams complete visibility and control.Duo Security makes security easy and effective for both security professionals and end-users alike. In a fraction of the time required by other security solutions, IT teams can deploy Duo Platform to tens of thousands of users. With no training required, users get immediate protection from breaches, identity theft and account takeover.“We believe the security industry has largely lost its way, pushing ineffective, costly systems that only add complexity and increase risk,” said Duo Security CEO Dug Song. “By keeping security implementation easy, we foster adoption. We offer users and organizations state-of-the-art protection that is the easiest to use, deploy and administer.”With the rise of cloud, mobile and Bring Your Own Device (BYOD), organizations face the added challenge of protecting what they don’t control. Data breaches happen in organizations every day and current products meant to thwart those breaches are built upon security tenets from decades past. With Duo Platform, Duo Security has built on its strong history in user authentication to create a new secure access platform that adds tools such as mobile device insight, security threat detection, and geofencing.Duo Security’s

Flagship two-factor authentication solution addresses a $2.4 billion user authentication market.1 New capabilities unveiled today in Duo Platform now align the company to reach a larger segment of the $67 billion security market (expected to grow to $86 billion by 2016).2Duo Platform combines effective solutions to help security teams gain visibility into user behavior, enabling organizations to create secure access policies that work for their users and their security teams. With Duo Platform, administrators can:Create rules and policies that define who can access which applications under what conditionsEnforce security controls in real-time based on defined policiesGain insight into the security profile of mobile devices used in the organizationDetect access-related security threatsProvision SaaS applications by leveraging current identity directoriesGenerate reports on access and authentication for better administration and auditsActually block the breachDuo Platform will be available next month for $6 per user per month. Visit duosecurity.com/platform for more information. RSA conference attendees will be able to see a live demo at the Duo Security booth (#2345). For more information on Duo Security, please visit www.duosecurity.com and follow the company on Twitter at @duosec.1Gartner “Magic Quadrant for User Authentication” by Ant Allan, Eric Ahlm, and Anmol Singh, December 1, 2014.2Gartner Press Release, “Gartner Says Worldwide Security Market to Grow 8.7 Percent in 2013”, June 11, 2013. Duo SecurityDuo Security is a cloud-based access security provider protecting the world’s fastest-growing companies and thousands of organizations worldwide, including Zillow, Etsy, Facebook, Paramount Pictures, Random House, Toyota, Twitter, Yelp, TripAdvisor, The Men’s Warehouse, Dresser-Rand Group,