PortalGuard DUO bypass - 5/14/2024
PortalGuard Security Advisory
Notification Date: May 14th, 2024
Severity: Critical
Affected Versions
< v6.8.3
There is a critical vulnerability affecting a limited set of PortalGuard on-premises deployments that use a specific configuration. Please read the following notification carefully to determine whether your PortalGuard deployment is affected.
Customers Impacted:
Using PortalGuard on-premises -AND-
Using DUO Prompt MFA WITH “DUO Enrollment Required During Login” AND “Max Deferred Enrollments” greater than 0.
Vulnerability Summary:
This critical vulnerability is specific to the PortalGuard versions listed above. It allows a user to bypass Multifactor Authentication when the DUO Prompt configuration has “DUO Enrollment Required During Login” checked and “Max Deferred Enrollments” set to any value greater than 0, by triggering a DUO lockout condition.
With this specific configuration, if a user’s DUO account becomes locked out after consecutive failed attempts, PortalGuard erroneously treats the user as unenrolled and initiates the enrollment process. The user can then ‘skip’ the DUO Prompt enrollment process, effectively bypassing DUO MFA.
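The decision flaw described above, modelled as an added example that is not PortalGuard's own code: the status names, function names and the per-user deferral counter are assumptions, and the model assumes the affected configuration (“DUO Enrollment Required During Login” checked), parameterising only “Max Deferred Enrollments”. The erroneous decision is shown beside a corrected one that treats a lockout as an MFA failure rather than a missing enrollment.

```python
from dataclasses import dataclass
from enum import Enum


class DuoStatus(Enum):
    """Assumed result of checking a user's Duo state before the prompt is sent."""
    ENROLLED = "enrolled"      # user has a Duo device; the prompt should be shown
    UNENROLLED = "unenrolled"  # Duo has no record of the user
    LOCKED_OUT = "locked_out"  # too many consecutive failed Duo attempts


@dataclass
class DuoPromptConfig:
    """Only the setting the advisory ties to the bypass is modelled here."""
    max_deferred_enrollments: int


def _enrollment_flow(cfg, deferrals_used, wants_to_skip):
    """Enrollment branch for a genuinely unenrolled user. A 'skip' is honoured
    only while the user still has deferrals left under Max Deferred Enrollments."""
    if wants_to_skip and deferrals_used < cfg.max_deferred_enrollments:
        return "login_without_mfa"  # deferred enrollment, intended for new users
    return "duo_enrollment"


def vulnerable_decision(status, cfg, deferrals_used=0, wants_to_skip=False):
    """Models the affected behaviour: a lockout is not distinguished from
    'never enrolled', so a locked-out user is handed the skippable enrollment flow."""
    if status == DuoStatus.ENROLLED:
        return "duo_prompt"
    # BUG: LOCKED_OUT falls through to the same branch as UNENROLLED.
    return _enrollment_flow(cfg, deferrals_used, wants_to_skip)


def hardened_decision(status, cfg, deferrals_used=0, wants_to_skip=False):
    """Corrected logic: a Duo lockout ends the login; enrollment is offered only
    to users Duo reports as unenrolled."""
    if status == DuoStatus.LOCKED_OUT:
        return "deny_locked_out"
    if status == DuoStatus.ENROLLED:
        return "duo_prompt"
    return _enrollment_flow(cfg, deferrals_used, wants_to_skip)


if __name__ == "__main__":
    # Constructed scenario: locked-out user, 3 deferrals allowed, user chooses 'skip'.
    cfg = DuoPromptConfig(max_deferred_enrollments=3)
    for name, fn in (("vulnerable", vulnerable_decision), ("hardened", hardened_decision)):
        print(f"{name:>10}: {fn(DuoStatus.LOCKED_OUT, cfg, 0, True)}")
```

Note that setting Max Deferred Enrollments to 0 closes the skip path even in the vulnerable model, which is why the advisory lists a value greater than 0 as a precondition.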
How to Determine if You Are Affected:
Open the PortalGuard Configuration Editor.
Edit your security policy.
Navigate to “Authentication Methods” > “Tokens” > “Duo Integration”.
Confirm that “Duo Enrollment Required During Login” is checked and “Max Deferred Enrollments” is greater than 0.
If these settings are configured in this way, please see the remediation section below.
Remediation Actions:
The latest version of PortalGuard On-Premises closes this bypass. Impacted customers must contact PortalGuard Technical Support to schedule a patch for their PortalGuard server.
PortalGuard Technical Support will explain the immediate remediation options and help you apply the patch to resolve this vulnerability. Please submit a support ticket as soon as possible.
If you need instructions on how to submit a support ticket, see KB: How To Submit a Technical Support Ticket. Please note the DUO Prompt Configuration settings and your current PortalGuard version in the ticket.
Thank you.
BIO-key Security Team