FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

duo -- Two-factor authentication bypass

Affected packages
duo < 1.9.21


VuXML ID 738e8ae1-46dd-11e7-a539-0050569f7e80
Discovery 2017-05-19
Entry 2017-06-01

The duo security team reports:

An untrusted user may be able to set the http_proxy variable to an invalid address. If this happens, this will trigger the configured 'failmode' behavior, which defaults to safe. Safe mode causes the authentication to report a success.