Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
179
Views
0
Helpful
1
Replies

Lockouts caused by VPN password spray attack

smartnet@netgainis.com
Level 1
Level 1

‎04-29-2025 12:50 PM

Hello,

     We are using Duo for both Remote Access VPN on a Cisco firewall and our Office 365. Recently, password spray attacks against the VPN have been causing some of our users to become locked out of Office 365. We have enabled threat detection features on the firewall to block the worst offending IP addresses, but it doesn't really help with attacks against a single user that are originating from multiple public IPs.

    Duo policy only allows us to set the lockouts to occur after X number of consecutive failed logins. Does anyone know a solution or workaround to this issue that does not involve completely disabling the Duo lockout feature?

Thanks,

Reuben

0 Helpful
1 Reply 1

rcomeau
Level 1
Level 1

‎05-28-2025 07:56 AM

You would need certificate based VPN to completely stop password sprays.

I may put a feature request in to Duo though, it would be great if Trusted Endpoints for SAML validated before authentication, this would be the equivalent to cert based option.

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents