Is Duo susceptible to "Remember me" cookie compromise?

bjames
Level 5

Hi,

I see the FBI warning that hackers are stealing session cookies and can use them to bypass creds and MFA when logging into a site. These cookies are usually the "Remember this device" or "Remember me" session cookies.

I wanted to know if Duo can be bypassed if someone steals this cookie from a browser?

If so, what mitigation tactics are available?

Thanks

2 Replies

DuoKristina
Cisco Employee

More details about how the Remembered Devices feature works are here: https://help.duo.com/s/article/1012

There are also some mitigation steps such as how to invalidate a remembered device session here: https://help.duo.com/s/article/3894 

Enabling Risk-Based Authentication for remembered devices adds protection against scenarios that may be caused by cookie replay, for example, geographically impossible access using the same cookie (i.e. auth from a US IP and then from a China IP a minute later).

Requiring secure factors like roaming/platform authenticators or verified Duo Push also helps to establish the security of the initial session. Allowing access from registered and trusted endpoint devices only also prevents use of valid session cookies on devices you do not manage.

Duo, not DUO.
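
The "geographically impossible access using the same cookie" signal described in the reply above can be sketched as a detection over authentication events. This is an added example, not part of the original post and not Duo's implementation; the `Auth` fields, the cookie identifiers, the coordinates and the 900 km/h and 100 km thresholds are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed ceiling: roughly airliner cruise speed

@dataclass(frozen=True)
class Auth:
    cookie_id: str   # hypothetical identifier of the remembered-device cookie
    when: datetime
    lat: float       # assumed to come from IP geolocation done upstream
    lon: float

def km_between(a: Auth, b: Auth) -> float:
    """Great-circle (haversine) distance in kilometres."""
    dlat = radians(b.lat - a.lat)
    dlon = radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(events, max_kmh=MAX_KMH, min_km=100.0):
    """Return (previous, current, km) tuples where one cookie moved too fast."""
    last, hits = {}, []
    for ev in sorted(events, key=lambda e: e.when):
        prev = last.get(ev.cookie_id)
        last[ev.cookie_id] = ev
        if prev is None:
            continue
        km = km_between(prev, ev)
        if km < min_km:  # ignore geolocation jitter within one metro area
            continue
        hours = (ev.when - prev.when).total_seconds() / 3600
        if hours == 0 or km / hours > max_kmh:
            hits.append((prev, ev, round(km)))
    return hits

# Constructed sample events (not real logs).
SAMPLE = [
    Auth("cookie-A", datetime(2024, 1, 5, 9, 0), 40.71, -74.01),  # New York
    Auth("cookie-A", datetime(2024, 1, 5, 9, 1), 39.90, 116.40),  # Beijing, 1 min later
    Auth("cookie-B", datetime(2024, 1, 5, 9, 0), 40.71, -74.01),  # New York
    Auth("cookie-B", datetime(2024, 1, 6, 9, 0), 51.51, -0.13),   # London, next day
]

if __name__ == "__main__":
    for prev, cur, km in impossible_travel(SAMPLE):
        print(f"{cur.cookie_id}: {km} km in {cur.when - prev.when}; invalidate remembered session")
```

Only `cookie-A` is flagged; `cookie-B` crosses the Atlantic in a day, which is plausible travel. A flagged cookie is a candidate for the session invalidation steps linked in the reply.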

Thank you Kristina!

I think our policies and other tools that we manage will work in tandem to prevent this.

Good information!
