Cisco Duo Authentication Proxy
Easy fix2 remedies
cpe:2.3:a:duo:authentication_proxy:*:*:*:*:*:*:*
Easy fix2 remedies
- <= 5.8.2
- <= 6.5.1
Cisco Duo Authentication Proxy Information Disclosure Vulnerability
Vulnerability
Patched
A vulnerability exists in the debug logging function of Cisco Duo Authentication Proxy, allowing authenticated, high-privileged, remote attackers to access sensitive information in system log files. This issue arises from inadequate masking of sensitive data before it is logged. Exploitation of this vulnerability could enable attackers to view restricted information.
Impact
Successful exploitation allows access to sensitive information that should be restricted, potentially leading to unauthorized actions or privileges.
Remediation
Cisco has released software updates to address this vulnerability. Customers should upgrade to version 6.5.2 if they are using Cisco Duo Authentication Proxy version 6.5.1 or earlier. For those on version 5.8.2 or earlier, migrating to a fixed release is recommended. After upgrading, it is advised to delete log files from the system where Cisco Duo Authentication Proxy is installed and from any other systems where logs may be stored.
Added: Aug 20, 2025, 5:35 PM
Updated: Aug 20, 2025, 5:35 PM
Vulnerability Rating
Custom Algorithm
spread
4.5impact
2.5exploitability
4.4remediation
8.3relevance
0.4threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.