SecurityWeek

Vulnerabilities

Okta Tells Users to Check for Potential Exploitation of Newly Patched Vulnerability

Okta has resolved a vulnerability that could have allowed attackers to bypass sign-on policies and gain access to applications.

Identity and access management solutions provider Okta has resolved a vulnerability that could have allowed attackers to bypass sign-on policies and gain access to applications.

The issue, Okta says in a security advisory, was introduced on July 17 and only affects Okta Classic users, under certain conditions.

“On September 27, 2024, a vulnerability was identified in specific Okta configurations whereby an attacker with valid credentials could bypass configured conditions within application-specific sign-on policies,” the company said.

The configured conditions could include device-type restrictions, authentication requirements defined outside the Global Session Policy, and the use of network zones.

According to Okta, successful exploitation of the vulnerability required three conditions: that the attacker have a valid username and password pair, that application-specific sign-on policies be configured, and that the request come from a user-agent Okta evaluated as an ‘unknown’ device type.

“Customers who were on Okta Classic as of July 17, 2024, and who meet the above conditions are advised to review the Okta System Log for unexpected authentications from user-agents evaluated by Okta as ‘unknown’ between July 17, 2024 and October 4, 2024,” the company notes.

Okta urges its customers to check logs to identify unauthorized authentication events (by comparing them against events prior to July 17 that show the same ‘unknown’ user-agent), failed authentication attempts (suggesting a credential-based attack), and unusual behavior (a different geolocation, IP address, or timestamp).

“Pay particular attention to applications with default policy rules that are not customer configurable, including Microsoft Office 365 and Radius,” Okta said.
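As an added illustration of the log review Okta describes (this is not Okta's own tooling or any code from the advisory), the Python below triages constructed System Log records: it baselines which ‘unknown’-device origins each user already had before July 17, then scores in-window ‘unknown’-device authentications by new origin and failed attempts. The field names (`client.device`, `client.ipAddress`, `client.geographicalContext.country`, `outcome.result`, `actor.alternateId`, `eventType`, `published`) are assumed to follow the System Log JSON layout and should be verified against an actual export.

```python
from datetime import datetime, timezone

INTRODUCED = datetime(2024, 7, 17, tzinfo=timezone.utc)  # regression introduced
PATCHED = datetime(2024, 10, 4, tzinfo=timezone.utc)     # end of Okta's review window

def _rec(ts, user, result, device, ip, country):  # constructed System Log record
    return {"published": ts, "eventType": "user.authentication.sso",
            "actor": {"alternateId": user}, "outcome": {"result": result},
            "client": {"device": device, "ipAddress": ip, "geographicalContext": {"country": country}}}

# Constructed sample (not real data): alice used an 'Unknown' device from the US before
# July 17; in the window she has failures, then a success from a new German origin.
SAMPLE_LOG = [
    _rec("2024-07-01T09:00:00Z", "alice@example.com", "SUCCESS", "Unknown", "203.0.113.10", "United States"),
    _rec("2024-07-05T09:00:00Z", "bob@example.com", "SUCCESS", "Unknown", "192.0.2.5", "United States"),
    _rec("2024-08-02T03:10:00Z", "alice@example.com", "FAILURE", "Unknown", "198.51.100.7", "Germany"),
    _rec("2024-08-02T03:11:00Z", "alice@example.com", "FAILURE", "Unknown", "198.51.100.7", "Germany"),
    _rec("2024-08-02T03:12:00Z", "alice@example.com", "SUCCESS", "Unknown", "198.51.100.7", "Germany"),
    _rec("2024-08-10T10:00:00Z", "bob@example.com", "SUCCESS", "Unknown", "192.0.2.5", "United States"),
    _rec("2024-10-10T10:00:00Z", "carol@example.com", "SUCCESS", "Unknown", "192.0.2.9", "United States"),
]

def _ts(e): return datetime.fromisoformat(e["published"].replace("Z", "+00:00"))
def _origin(e): return (e["client"]["ipAddress"], e["client"]["geographicalContext"]["country"])

def _unknown_auth(e):  # authentication whose client Okta evaluated as an 'Unknown' device
    return e["eventType"].startswith("user.authentication") and e["client"]["device"] == "Unknown"

def triage(events, start=INTRODUCED, end=PATCHED):
    """Per user: in-window 'Unknown'-device successes from new vs. known origins, plus failures."""
    baseline = {}  # user -> origins that user already used with an 'Unknown' device before `start`
    for e in events:
        if _unknown_auth(e) and _ts(e) < start and e["outcome"]["result"] == "SUCCESS":
            baseline.setdefault(e["actor"]["alternateId"], set()).add(_origin(e))
    findings = {}
    for e in events:
        if not (_unknown_auth(e) and start <= _ts(e) <= end):
            continue
        user = e["actor"]["alternateId"]
        f = findings.setdefault(user, {"failures": 0, "known_origin": 0, "new_origin": 0})
        if e["outcome"]["result"] != "SUCCESS":
            f["failures"] += 1       # repeated failures suggest a credential-based attack
        elif _origin(e) in baseline.get(user, ()):
            f["known_origin"] += 1   # same 'unknown' origin seen before July 17: likely benign
        else:
            f["new_origin"] += 1     # new IP/geolocation: the unexpected authentication to review
    for f in findings.values():
        f["priority"] = "high" if f["new_origin"] and f["failures"] else "medium" if f["new_origin"] else "low"
    return findings
```

Run against a real export, the "high" bucket (new origin plus failed attempts in the same window) is where a reviewer should start, and any application with non-configurable default policy rules deserves the same pass.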


Last week, Okta patched the vulnerability both in production and preview environments.

Related: Okta Warns of Credential Stuffing Attacks Targeting Cross-Origin Authentication

Related: Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies

Related: Amtrak Says Guest Rewards Accounts Hacked in Credential Stuffing Attacks

Related: Layoffs Hit Security Vendors Okta, Proofpoint, Netography

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
