Main Vulnerability Database Vulnerabilities #VU74551

Authentication Bypass by Capture-replay in Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP - CVE-2023-20123

Published: April 6, 2023

Vulnerability identifier: #VU74551

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-20123

CWE-ID: CWE-294

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Duo Two-Factor Authentication for macOS
Duo Authentication for Windows Logon and RDP

Detailed vulnerability description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to session credentials do not properly expire within the offline access mode. An attacker with physical access can replay previously used multifactor authentication (MFA) codes to bypass MFA protection.

How to mitigate CVE-2023-20123

Install updates from vendor's website.

Sources

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-replay-knuNKd

Authentication Bypass by Capture-replay in Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP - CVE-2023-20123

Detailed vulnerability description

How to mitigate CVE-2023-20123

Sources

Please verify you're human