Mitiga researchers found that if users unintentionally type their passwords in the “username” field when logging in, the IAM system saves them to audit logs. Threat actors who have acquired access to a company’s system can then quickly harvest them, lift privileges, and gain access to several corporate assets that make use of Okta.
In a post, Doron Karmi, Okta senior security researcher and principal security researcher and developer wrote, “In our research, we could easily use the logs to match the password with the valid user, resulting in gaining credentials to the Okta user account.” They added further when adversaries log in to Okta as those users, it “expands the blast radius of the attack to the many platforms that Okta secures, and gaining further access to systems.”
Since Okta audit logs include specific data pertaining to user activity, such as usernames, IP addresses, and login timestamps, the vulnerability exists. The logs also reveal whether login attempts were made using a web browser or a mobile app and whether they were successful or failed.
In Defense of Okta Features
The cloud-based enterprise-grade IAM service, Okta, which links business users a
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: