TL;DR 📌

A medium-severity information disclosure vulnerability has been identified in the Cisco Duo Authentication Proxy. This flaw allows authenticated, high-privileged remote attackers to view sensitive information in system log files. There are no workarounds available, and users are advised to upgrade to fixed software versions.

What happened 🕵️‍♂️

A vulnerability in the debug logging function of the Cisco Duo Authentication Proxy could allow an authenticated, high-privileged remote attacker to access sensitive information that is inadequately masked in system log files. This could lead to unauthorized disclosure of sensitive data, which should remain restricted. Cisco has released software updates to address this vulnerability.