惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Security Archives - TechRepublic
Security Archives - TechRepublic
爱范儿
爱范儿
Recent Announcements
Recent Announcements
AI
AI
V
Visual Studio Blog
H
Heimdal Security Blog
L
LINUX DO - 最新话题
Attack and Defense Labs
Attack and Defense Labs
宝玉的分享
宝玉的分享
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
W
WeLiveSecurity
人人都是产品经理
人人都是产品经理
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
WordPress大学
WordPress大学
S
Secure Thoughts
S
Security Affairs
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
N
News and Events Feed by Topic
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
博客园 - 聂微东
博客园 - Franky
阮一峰的网络日志
阮一峰的网络日志
Schneier on Security
Schneier on Security
Hugging Face - Blog
Hugging Face - Blog
Apple Machine Learning Research
Apple Machine Learning Research
Forbes - Security
Forbes - Security
The Cloudflare Blog
博客园 - 【当耐特】
酷 壳 – CoolShell
酷 壳 – CoolShell
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
月光博客
月光博客
有赞技术团队
有赞技术团队
博客园 - 司徒正美
博客园_首页
Recent Commits to openclaw:main
Recent Commits to openclaw:main
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
NISL@THU
NISL@THU
C
Cybersecurity and Infrastructure Security Agency CISA
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
P
Proofpoint News Feed
罗磊的独立博客
V
Vulnerabilities – Threatpost
S
Securelist
N
News and Events Feed by Topic
Cloudbric
Cloudbric
P
Proofpoint News Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
V2EX - 技术
V2EX - 技术
小众软件
小众软件

Okta Trust

Okta Verify Desktop MFA for Windows Passwordless Login CVE-2024-9191 Okta Classic Application Sign-On Policy Bypass Okta Browser Plugin Reflected Cross-Site Scripting CVE-2024-0981 Okta Verify for Windows Auto-update Arbitrary Code Execution CVE-2024-0980 Okta Advanced Server Access Client CVE-2023-0093 Okta Access Gateway Advisory for CVE-2022-3602 and CVE-2022-3786 Okta Active Directory Agent CVE-2022-1697 Okta Advanced Server Access Client CVE-2022-1030 Okta Advanced Server Access Client CVE-2022-24295 Okta RADIUS Server Agent CVE-2021-45105 Okta On-Prem MFA Agent CVE-2021-45046 Okta RADIUS Server Agent CVE-2021-45046 Okta On-Prem MFA Agent CVE-2021-44228 Okta RADIUS Server Agent CVE-2021-44228 Okta On-Prem MFA Agent CVE-2021-45105 Okta Verify for Windows Privilege Escalation CVE-2024-7061 Okta LDAP Agent CVE-2023-0392 - Sep 19, 2023 Okta AD/LDAP Delegated Authentication - Username Above 52 Characters Security Advisory Okta Access Gateway CVE-2021-28113 - Apr 2, 2021
Okta Verify for iOS ContextExtension CVE-2024-10327
Okta, Inc. · 2024-10-24 · via Okta Trust

Description

A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the notification banner and selects an option, both options allow the authentication to succeed. 

The ContextExtension feature is one of several push mechanisms available when using Okta Verify Push on iOS devices. The vulnerable flows include:

  • When a user is presented with a notification on a locked screen, the user presses on the notification directly and selects their reply without unlocking the device;

  • When a user is presented with a notification on the home screen and drags the notification down and selects their reply;

  • When an Apple Watch is used to reply directly to a notification.

Affected product and versions

  • Okta Verify for iOS version 9.25.1 (beta), available in Apple TestFlight from September 30, 2024

  • Okta Verify for iOS version 9.27.0 (beta) available in Apple TestFlight from October 10, 2024.

  • Okta Verify for iOS version 9.27.0 released to the Apple App Store from Monday, October 21, 2024

A pre-condition for this vulnerability is that the user must have enrolled in Okta Verify while the Okta customer was using Okta Classic. This applies irrespective of whether the organization has since upgraded to Okta Identity Engine.

Note: Users will no longer be able to authenticate from vulnerable versions (see above) of the iOS application.

Customer Recommendations

Customers are advised to review the Okta System Log to identify if any of their users have Okta Verify for iOS version 9.25.1 (beta) or 9.27.0.

Search query for version 9.25.1 (beta):

eventType eq "user.authentication.auth_via_mfa" and debugContext.debugData.factor eq "OKTA_VERIFY_PUSH" and client.userAgent.rawUserAgent co "B7F62B65BN.com.okta.mobile/9.25.1" and outcome.result eq "SUCCESS"

Search query for version 9.27.0:

eventType eq "user.authentication.auth_via_mfa" and debugContext.debugData.factor eq "OKTA_VERIFY_PUSH" and client.userAgent.rawUserAgent co "B7F62B65BN.com.okta.mobile/9.27.0" and outcome.result eq "SUCCESS"

Additionally, we recommend customers cross-referencing the associated IP addresses, geolocations, and ASNs against known legitimate user activity. This will help identify any activity that deviates from previous user behavior. Customers should review for unusual or malicious activity, such as logins from unfamiliar IP addresses or locations inconsistent with normal user behavior.

Resolution

The vulnerability is resolved in Okta Verify for iOS version 9.27.2. To remediate this vulnerability, upgrade Okta Verify for iOS to version 9.27.2 or greater from the Apple App Store.

Timeline

2024-09-30 - Okta Verify 9.25.1 (beta) available through Apple TestFlight 

2024-10-10 - Okta Verify 9.27.0 (beta) available through Apple TestFlight

2024-10-21 - Okta Verify 9.27.0 for iOS released in Apple App Store 

2024-10-23 - Okta Verify 9.27.0 and 9.25.1 (beta) for iOS vulnerability discovered 

2024-10-23 - Development of patch and testing

2024-10-23 - Okta Verify 9.27.2 for iOS version available in the Apple App Store, this version supersedes all prior versions

CVE details

CVE ID

CVE-2024-10327

Published Date

October 24, 2024

Vulnerability Type

Improper Authentication

CWE

CWE-287: Improper Authentication

CVSS v3

Score: 8.1

Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Note: this advisory has been updated to reflect that vulnerable versions will no longer be able to authenticate.