CVE-2020-3442

Name of the Vulnerable Software and Affected Versions DuoConnect (affected versions not specified)

Description The issue concerns the DuoConnect client, which enables users to establish SSH connections to hosts protected by a DNG instance. When a user initiates an SSH connection for the first time, the user's browser is opened to a login screen to complete authentication. If the '-relay' argument is set to a URL beginning with "http://", the browser will initially attempt to load the URL over an insecure HTTP connection before being redirected to HTTPS. DuoConnect stores an authentication token in a local system cache, which is valid for a configurable period of time. If a user already has a valid token, DuoConnect directly contacts the DNG using the configured '-relay' value and sends the token, as well as the intended SSH server hostname and port numbers. If the '-relay' argument begins with "http://", this request will be sent over an insecure connection and could be exposed to an attacker. The exposed DNG authentication tokens may be used to gain network-level access to the servers and ports protected by the relay host.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.