VYPR

Duo Network Gateway

by Duo

CVEs (2)

  • CVE-2020-3483Oct 14, 2020
    risk 0.00cvss epss 0.00

    Duo has identified and fixed an issue with the Duo Network Gateway (DNG) product in which some customer-provided SSL certificates and private keys were not excluded from logging. This issue resulted in certificate and private key information being written out in plain-text to…

  • CVE-2018-7340Apr 17, 2019
    risk 0.00cvss epss 0.01

    Duo Network Gateway 1.2.9 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially…