Cisco Duo Authentication Vulnerability Could Lead to Clear Text Sensitive Information Exposure
CVE-2024-20292

4.4MEDIUM

Key Information:

Vendor: Cisco
Status: Cisco Duo
Vendor: CVE Published:; 6 March 2024

Summary

A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system.

This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text.

Affected Version(s)

Cisco Duo 1.0.1

Cisco Duo 1.0.2

Cisco Duo 1.0.3

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 6, 2024
Vulnerability Reserved
Nov 8, 2023