Okta’s login flaw exposes users to attack, says Mitiga

Share post:

According to Mitiga, Okta’s login system contains a simple error that could expose its users to future attacks.

Users are inadvertently typing their passwords into the username field during login. As a result, information from failed login attempts is stored in plain text in audit logs that track user behavior on the network. Mitiga discovered that this information is easily accessible and could be shared with third-party security vendors for Okta customers, potentially allowing attackers to compromise Okta user accounts and access any resources or applications they may have access to.

Mitiga discovered that attackers could potentially read users’ passwords and credentials stored in Okta audit logs. Furthermore, audit logs provide detailed information about user activity, such as usernames, IP addresses, and login timestamps. The logs also reveal whether login attempts were successful or unsuccessful, as well as whether they were made through a web browser or a mobile app.

Passwords were also found in the username field of failed login attempts. Hence, an attacker could attempt to log in as a user on any of the organization’s platforms that use Okta single sign-on (SSO). Furthermore, in the case of exposed administrator passwords, this information could be used to escalate privileges.

To gain access to user information, the attacker only needs to be able to read Okta audit logs. For example, an attacker with access to the SIEM product’s logs could steal user credentials.

Third-party services that integrate with Okta, such as CSPM products, could also request a “Read-only” Administrator role, which would allow them to read environment information, including audit logs. If those services or products are breached during a supply-chain attack, attackers can steal Okta users’ credentials.

The sources for this piece include an article in Axios.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways