Duo Hackcom Sonic Fixed -

Let’s dismantle the technical details. To understand the fix, you must first understand the exploit. Dubbed "HackCom" by the researcher who discovered it (a nod to the classic hacker convention), the flaw resided not in Duo’s cloud service, but in the SonicWall SMA 100 series handshake logic with the Duo Authentication Proxy. The Vulnerability (CVE-2025-49876) In versions prior to SonicWall SMA 100 firmware 12.4.3-037 and Duo Authentication Proxy 6.6.0, a race condition existed during the RADIUS challenge-response cycle.

Date: May 2, 2026 Reading Time: 6 Minutes Author: Edge Security Team duo hackcom sonic fixed

Today, that vulnerability has been laid to rest. Let’s dismantle the technical details