Egnyte Help Desk

iOS Duo Mobile app vulnerability

If you do not use Egnyte's two-factor authentication capability, you can disregard this notice.

Duo Security, the service that Egnyte leverages to provide two-step login verification, has recently announced a vulnerability in their "Duo Mobile" iOS app. This vulnerability is caused by the lack of SSL/TLS certificate hostname validation in an underlying library used by Duo Mobile. The impact of this missing validation is that an attacker who controls a segment of the network between the app and the Duo Security servers can conduct a Man-in-the-Middle (MITM) attack. However, because Duo Mobile employs additional protections, attackers would still not be able to interfere with two-factor authentication.

Duo Security has fixed this vulnerability in the latest version of their iOS Duo Mobile app (version 3.7.1) published in the App Store. We recommend that you upgrade to this version as soon as possible.
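The following added example (not code from Duo Security or Egnyte) shows what certificate hostname validation checks and what a client accepts when that step is skipped. The certificate dictionaries follow the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the hostnames, certificates and the `chain_trusted` flag are constructed for illustration.

```python
def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Compare one SAN dNSName with the host the client meant to reach.
    '*' is honoured only as the entire left-most label (RFC 6125 style)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # A wildcard covers exactly one non-empty label and must be
        # followed by at least two fixed labels.
        return (len(p_labels) >= 3 and h_labels[0] != ""
                and p_labels[1:] == h_labels[1:])
    return p_labels == h_labels


def cert_covers_host(cert: dict, hostname: str) -> bool:
    """True if any DNS subjectAltName entry in the certificate covers hostname."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(dns_name_matches(name, hostname) for name in sans)


def client_accepts(cert: dict, chain_trusted: bool, hostname: str,
                   check_hostname: bool) -> bool:
    """chain_trusted stands in for CA signature and expiry validation,
    assumed to be performed elsewhere."""
    if not chain_trusted:
        return False
    if not check_hostname:
        # The flaw: any certificate issued by a trusted CA is accepted,
        # whichever site it was issued for.
        return True
    return cert_covers_host(cert, hostname)


# Constructed sample data (hypothetical hosts and certificates).
INTENDED_HOST = "api.auth-service.example"
GENUINE_CERT = {"subjectAltName": (("DNS", "*.auth-service.example"),)}
OTHER_SITE_CERT = {"subjectAltName": (("DNS", "www.unrelated-site.example"),)}

if __name__ == "__main__":
    for label, cert in (("genuine", GENUINE_CERT), ("other site", OTHER_SITE_CERT)):
        for check in (False, True):
            result = client_accepts(cert, True, INTENDED_HOST, check)
            print(f"{label:10} check_hostname={check!s:5} accepted={result}")
```

In real Python clients, `ssl.create_default_context()` enables both chain and hostname verification by default, so the check above is performed by the TLS library unless `check_hostname` is turned off.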

 
