#Download duo client install#
Follow all prompts to install the software and click Close when done.Locate the duoauthproxy.x.xx.x.exe file you previously downloaded and double-click it to run it and install the software.This will automatically download the latest version of Duo’s Authentication Proxy software. On your Authentication Proxy servers open an internet browser and navigate to.
#Download duo client upgrade#
Please follow the instructions below to upgrade your Authentication Proxy software: We are also advising all customers to take this time to upgrade to the latest version the Duo Authentication Proxy software. Verify that all protected applications are protected by Duo 2FA and working properly.When the sub-menu appears, select START.Once the service has stopped, right-click the Duo Authentication Proxy Service again.When the sub-menu appears, select STOP.In the services console, locate the “Duo Authentication Proxy” service and right-click it.Click on START → RUN → type SERVICES.MSC and press ENTER.If it is not present, please continue to the section below. If this value is present in the file, remove it and then click FILE → SAVE. Using Notepad or Wordpad (RUN AS Administrator), open the “authproxy.cfg” file and locate the line starting with “api_timeout”.Make a copy of the “authproxy.cfg” file as a backup.Open Windows Explorer and navigate to C:\Program Files (x86)\Duo Security Authentication Proxy\conf.Remediation for this vulnerability is easily achieved by removing the “api_timeout” item from the “authproxy.cfg” file:
If this timeout is reached before the Auth API has returned a response and the Authentication Proxy’s “failmode” option is set to “safe” (allowing users to access the application if Duo’s cloud servers are offline), then this could result in a bypass of second factor authentication. Within the “authproxy.cfg” file, there is an advanced configuration option called “api_timeout” that controls the number of seconds that the Authentication Proxy server waits for a response from Duo’s Auth API when a user attempts to log onto a protected application. While there is no evidence of this vulnerability being exploited in the field, Duo is advising clients to mitigate this vulnerability as soon as possible. Under the “authproxy.cfg” configuration described below, attackers can exploit this vulnerability to bypass second factor authentication. We would like to make our Duo customers aware of a recently discovered vulnerability in Duo’s Authentication Proxy server software. Vulnerability in Duo’s Authentication Proxy Server Software
0 kommentar(er)
