Okta Tells Users to Check for Potential Exploitation of Newly Patched Vulnerability

Identity and access management solutions provider Okta has resolved a vulnerability that could have allowed attackers to bypass sign-on policies and gain access to applications.

The issue, Okta says in a security advisory, was introduced on July 17 and only affects Okta Classic users, under certain conditions.

“On September 27, 2024, a vulnerability was identified in specific Okta configurations whereby an attacker with valid credentials could bypass configured conditions within application-specific sign-on policies,” the company said.

The configured conditions could include device-type restrictions, authentication requirements defined outside the Global Session Policy, and the use of network zones.

According to Okta, successful exploitation of the vulnerability required three things: that the attacker held a valid username and password pair, that application-specific sign-on policies were configured, and that the request came from a user-agent Okta evaluated as an ‘unknown’ device type.

“Customers who were on Okta Classic as of July 17, 2024, and who meet the above conditions are advised to review the Okta System Log for unexpected authentications from user-agents evaluated by Okta as ‘unknown’ between July 17, 2024 and October 4, 2024,” the company notes.

Okta urges its customers to check logs for unexpected authentication events (checked against events prior to July 17 that show the same ‘unknown’ user-agent, to establish whether the pattern is new), failed authentication attempts (suggesting a credential-based attack), and unusual behavior (a different geolocation, IP address, or timestamp).

“Pay particular attention to applications with default policy rules that are not customer configurable, including Microsoft Office 365 and Radius,” Okta said.
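One way to turn Okta's review guidance into a first-pass triage of exported System Log events, as an added example that is not Okta's own tooling or part of the original article. The sample events are constructed; field names (published, outcome.result, actor.alternateId, client.device, client.geographicalContext.country) follow the Okta System Log schema as I understand it, and the window dates come from the advisory quoted above.

```python
import json
from datetime import datetime, timezone

# Review window from Okta's advisory: July 17, 2024 (regression introduced) to October 4, 2024.
WINDOW_START = datetime(2024, 7, 17, tzinfo=timezone.utc)
WINDOW_END = datetime(2024, 10, 4, 23, 59, 59, tzinfo=timezone.utc)

# Constructed sample events (not real data). Field names follow the Okta System Log
# schema as I understand it: published, outcome.result, actor.alternateId, client.device.
SAMPLE_EVENTS = json.dumps([
    {"published": "2024-07-01T09:00:00.000Z", "eventType": "user.authentication.sso",
     "outcome": {"result": "SUCCESS"}, "actor": {"alternateId": "alice@example.com"},
     "client": {"device": "Computer", "geographicalContext": {"country": "United States"}}},
    {"published": "2024-08-12T03:10:00.000Z", "eventType": "user.session.start",
     "outcome": {"result": "FAILURE"}, "actor": {"alternateId": "alice@example.com"},
     "client": {"device": "Unknown", "geographicalContext": {"country": "Brazil"}}},
    {"published": "2024-08-12T03:14:00.000Z", "eventType": "user.authentication.sso",
     "outcome": {"result": "SUCCESS"}, "actor": {"alternateId": "alice@example.com"},
     "client": {"device": "Unknown", "geographicalContext": {"country": "Brazil"}}},
])

def parse_ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def triage(events_json):
    # Returns (timestamp, user, reasons) for in-window events matching Okta's review guidance.
    events = json.loads(events_json)
    # Baseline from successful logins before July 17: countries seen per user, and whether
    # the user already appeared with an 'Unknown' device type (then it is likely benign).
    baseline = {}
    for e in events:
        if parse_ts(e["published"]) < WINDOW_START and e["outcome"]["result"] == "SUCCESS":
            b = baseline.setdefault(e["actor"]["alternateId"], {"countries": set(), "unknown": False})
            b["countries"].add(e["client"].get("geographicalContext", {}).get("country"))
            b["unknown"] |= e["client"].get("device", "").lower() == "unknown"
    findings = []
    for e in events:
        if not WINDOW_START <= parse_ts(e["published"]) <= WINDOW_END:
            continue
        user, client, reasons = e["actor"]["alternateId"], e["client"], []
        b = baseline.get(user, {"countries": set(), "unknown": False})
        if client.get("device", "").lower() == "unknown" and not b["unknown"]:
            reasons.append("unknown device type not seen before July 17")
        if e["outcome"]["result"] == "FAILURE":
            reasons.append("failed authentication")
        country = client.get("geographicalContext", {}).get("country")
        if b["countries"] and country not in b["countries"]:
            reasons.append(f"new country: {country}")
        if reasons:
            findings.append((e["published"], user, reasons))
    return findings
```

Feed it a System Log export for the whole period (including pre-July 17 events, which build the baseline) and review the flagged users against the application sign-on policies they should have been subject to.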

Last week, Okta patched the vulnerability both in production and preview environments.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
