Identity and access management solutions provider Okta has resolved a vulnerability that could have allowed attackers to bypass sign-on policies and gain access to applications.
The issue, Okta says in a security advisory, was introduced on July 17 and only affects Okta Classic users, under certain conditions.
“On September 27, 2024, a vulnerability was identified in specific Okta configurations whereby an attacker with valid credentials could bypass configured conditions within application-specific sign-on policies,” the company said.
The configured conditions could include device-type restrictions, authentication requirements defined outside the Global Session Policy, and the use of network zones.
According to Okta, successful exploitation required three conditions: the attacker had a valid username and password pair, application-specific sign-on policies were configured, and the request's user-agent was evaluated by Okta as an ‘unknown’ device type.
“Customers who were on Okta Classic as of July 17, 2024, and who meet the above conditions are advised to review the Okta System Log for unexpected authentications from user-agents evaluated by Okta as ‘unknown’ between July 17, 2024 and October 4, 2024,” the company notes.
Okta urges customers to review their logs for three indicators: unauthorized authentication events (to be compared against events prior to July 17 showing the same ‘unknown’ user-agent), failed authentication attempts (which suggest a credential-based attack), and unusual behavior (a different geolocation, IP address, or timestamp).
“Pay particular attention to applications with default policy rules that are not customer configurable, including Microsoft Office 365 and Radius,” Okta said.
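As an added example (not code from the article or from Okta), the following script applies that review guidance to a constructed set of Okta System Log events: it keeps only authentication events inside the July 17 to October 4 window whose client device was evaluated as ‘Unknown’, counts failed attempts per user, and flags successes whose IP and country never appeared for that user before July 17. The field names (client.device, outcome.result, actor.alternateId, published) follow the System Log API schema as I know it and should be verified against your own tenant's export.

```python
# Added example (not the article's or Okta's code). Field names follow the Okta System Log
# API schema as I know it (client.device, outcome.result, actor.alternateId): verify on your tenant.
from datetime import datetime, timezone
WINDOW_START = datetime(2024, 7, 17, tzinfo=timezone.utc)
WINDOW_END = datetime(2024, 10, 5, tzinfo=timezone.utc)  # exclusive, so Oct 4 is included
AUTH_EVENTS = {"user.session.start", "user.authentication.sso"}

def parse_ts(ts):  # System Log 'published' is UTC with millisecond precision
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def ev(ts, user, result, device, ip, country):
    """Build one constructed sample event in System Log shape (not real data)."""
    return {"published": ts, "eventType": "user.session.start", "outcome": {"result": result},
            "actor": {"alternateId": user},
            "client": {"device": device, "ipAddress": ip,
                       "geographicalContext": {"country": country}}}

# Constructed sample log: alice gets failed then successful 'Unknown'-device logins from a new
# location; bob's 'Unknown' device was already seen before July 17, so it is expected.
SAMPLE_LOG = [
    ev("2024-06-20T09:00:00.000Z", "alice@example.com", "SUCCESS", "Computer", "203.0.113.10", "United States"),
    ev("2024-08-02T03:10:00.000Z", "alice@example.com", "FAILURE", "Unknown", "198.51.100.7", "Netherlands"),
    ev("2024-08-02T03:11:00.000Z", "alice@example.com", "FAILURE", "Unknown", "198.51.100.7", "Netherlands"),
    ev("2024-08-02T03:12:00.000Z", "alice@example.com", "SUCCESS", "Unknown", "198.51.100.7", "Netherlands"),
    ev("2024-05-01T10:00:00.000Z", "bob@example.com", "SUCCESS", "Unknown", "203.0.113.20", "United States"),
    ev("2024-09-15T10:00:00.000Z", "bob@example.com", "SUCCESS", "Unknown", "203.0.113.20", "United States"),
]

def triage(events):
    """Return (suspicious_successes, failures_per_user) for 'Unknown'-device auths in the window.
    A success is flagged when the user has no pre-July-17 event from the same IP and country,
    i.e. it does not correspond to earlier activity from that same 'unknown' client."""
    baseline = {}  # user -> {(ip, country)} seen before the window
    for e in events:
        if parse_ts(e["published"]) < WINDOW_START:
            c = e["client"]
            baseline.setdefault(e["actor"]["alternateId"], set()).add(
                (c["ipAddress"], c["geographicalContext"]["country"]))
    findings, failures = [], {}
    for e in events:
        ts, c = parse_ts(e["published"]), e["client"]
        if not (WINDOW_START <= ts < WINDOW_END) or e["eventType"] not in AUTH_EVENTS \
                or c["device"] != "Unknown":
            continue
        user, origin = e["actor"]["alternateId"], (c["ipAddress"], c["geographicalContext"]["country"])
        if e["outcome"]["result"] == "FAILURE":
            failures[user] = failures.get(user, 0) + 1  # repeated failures suggest a credential attack
        elif origin not in baseline.get(user, set()):
            findings.append((user, e["published"]) + origin)
    return findings, failures
```

On a real export, feed `triage()` the `items` array from the System Log API and treat the flagged successes as the starting point for the geolocation, IP and timestamp comparison the advisory asks for.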
Last week, Okta patched the vulnerability in both production and preview environments.