SB2023040656 - Authentication Bypass in Cisco Duo Authentication for macOS and Duo Authentication for Windows Logon
Published: April 6, 2023
Description
This security bulletin contains information about 1 security vulnerability.
1) Authentication Bypass by Capture-replay (CVE-ID: CVE-2023-20123)
The vulnerability allows a local attacker to bypass the authentication process.
The vulnerability exists because session credentials do not properly expire in offline access mode. An attacker with physical access can replay previously used multifactor authentication (MFA) codes to bypass MFA protection.
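The weakness class described above (a used one-time code that stays valid) can be shown with a generic verifier. This is an added example, not code from the vendor or from the affected products: it assumes an HOTP (RFC 4226) scheme, which the bulletin does not specify, and the `OfflineVerifier` class, its `expire_used` switch and `replay_accepted` are hypothetical names.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OfflineVerifier:
    """Hypothetical offline code check that tracks which counters are spent."""

    def __init__(self, secret: bytes, window: int = 3, expire_used: bool = True):
        self.secret = secret
        self.window = window            # look-ahead for skipped codes
        self.expire_used = expire_used  # False models the missing expiry
        self.next_counter = 0           # must be persisted across logons

    def verify(self, code: str) -> bool:
        # Without expiry every counter from 0 stays valid, so old codes replay.
        start = self.next_counter if self.expire_used else 0
        for counter in range(start, self.next_counter + self.window):
            if hmac.compare_digest(hotp(self.secret, counter), code):
                # Accepting a code retires it and every earlier one.
                self.next_counter = max(self.next_counter, counter + 1)
                return True
        return False


def replay_accepted(expire_used: bool) -> bool:
    """Use one code legitimately, then present the same code again."""
    secret = b"12345678901234567890"     # RFC 4226 test secret, sample value
    verifier = OfflineVerifier(secret, expire_used=expire_used)
    observed = hotp(secret, 0)
    assert verifier.verify(observed)     # first, legitimate use
    return verifier.verify(observed)     # second use is the replay


if __name__ == "__main__":
    print("replay accepted without expiry:", replay_accepted(False))
    print("replay accepted with expiry:   ", replay_accepted(True))
```

The state that matters is `next_counter`: if it is not stored durably and advanced on every accepted code, the check degrades to the non-expiring case.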
Remediation
Install the update from the vendor's website.