惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

GbyAI
GbyAI
N
News and Events Feed by Topic
D
DataBreaches.Net
MongoDB | Blog
MongoDB | Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Engineering at Meta
Engineering at Meta
T
Tailwind CSS Blog
博客园_首页
Microsoft Azure Blog
Microsoft Azure Blog
Y
Y Combinator Blog
博客园 - Franky
Hugging Face - Blog
Hugging Face - Blog
月光博客
月光博客
A
About on SuperTechFans
I
InfoQ
S
Securelist
Last Week in AI
Last Week in AI
S
Schneier on Security
C
CXSECURITY Database RSS Feed - CXSecurity.com
Hacker News: Ask HN
Hacker News: Ask HN
Schneier on Security
Schneier on Security
Know Your Adversary
Know Your Adversary
腾讯CDC
大猫的无限游戏
大猫的无限游戏
S
Security @ Cisco Blogs
博客园 - 三生石上(FineUI控件)
Simon Willison's Weblog
Simon Willison's Weblog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Tor Project blog
美团技术团队
aimingoo的专栏
aimingoo的专栏
G
Google Developers Blog
罗磊的独立博客
Vercel News
Vercel News
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
The Cloudflare Blog
S
Secure Thoughts
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Latest news
Latest news
Recent Announcements
Recent Announcements
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
L
LINUX DO - 热门话题
Security Latest
Security Latest
TaoSecurity Blog
TaoSecurity Blog
Cyberwarzone
Cyberwarzone
有赞技术团队
有赞技术团队

Okta Trust

Okta Verify Desktop MFA for Windows Passwordless Login CVE-2024-9191 Okta Verify for iOS ContextExtension CVE-2024-10327 Okta Browser Plugin Reflected Cross-Site Scripting CVE-2024-0981 Okta Verify for Windows Auto-update Arbitrary Code Execution CVE-2024-0980 Okta Advanced Server Access Client CVE-2023-0093 Okta Access Gateway Advisory for CVE-2022-3602 and CVE-2022-3786 Okta Active Directory Agent CVE-2022-1697 Okta Advanced Server Access Client CVE-2022-1030 Okta Advanced Server Access Client CVE-2022-24295 Okta RADIUS Server Agent CVE-2021-45105 Okta On-Prem MFA Agent CVE-2021-45046 Okta RADIUS Server Agent CVE-2021-45046 Okta On-Prem MFA Agent CVE-2021-44228 Okta RADIUS Server Agent CVE-2021-44228 Okta On-Prem MFA Agent CVE-2021-45105 Okta Verify for Windows Privilege Escalation CVE-2024-7061 Okta LDAP Agent CVE-2023-0392 - Sep 19, 2023 Okta AD/LDAP Delegated Authentication - Username Above 52 Characters Security Advisory Okta Access Gateway CVE-2021-28113 - Apr 2, 2021
Okta Classic Application Sign-On Policy Bypass
Okta, Inc. · 2024-10-04 · via Okta Trust

Description

On September 27, 2024, a vulnerability was identified in specific Okta configurations whereby ​​an attacker with valid credentials could bypass configured conditions within application-specific sign-on policies. These conditions could include use of network zones, device-type restrictions or authentication requirements set outside of the Global Session Policy. After investigation, we determined that this vulnerability was introduced as part of a release that occurred on July 17th, 2024.

Affected product and versions

  • Okta Classic as of July 17, 2024 

Resolution

This vulnerability was resolved in Okta’s production environment on October 4, 2024. 

Severity Details

If the vulnerability was exploited, unauthorized access to applications associated with the application sign-on policies could be obtained. Exploitation of the vulnerability required all of the following conditions:

  1. Possession of a valid username and password;

  2. Org configured with application-specific sign-on policies;

  3. The use of a user-agent Okta evaluates as an “unknown” device type (for example Python scripts and uncommon browser types)

Customer Recommendations

Customers who were on Okta Classic as of July 17, 2024, and who meet the above conditions are advised to review the Okta System Log for unexpected authentications from user-agents evaluated by Okta as “unknown” between July 17, 2024 and October 4, 2024 using the following query: outcome.result eq "SUCCESS" and (client.device eq "Unknown" OR client.device eq "unknown") and eventType eq "user.authentication.sso"

Furthermore, Okta recommends customers:

  • Search for activity prior to July 17, 2024. If a user authenticated to the same application with the same "unknown" user-agent, this suggests that the more recent event was authorized.

  • Search for unsuccessful authentication attempts that may indicate a credential-based attack (such as credential stuffing or password spray events) immediately prior to a successful authentication event for the user, this suggests that the more recent event was not authorized.

  • Search for activity that deviates from previous user behavior such as unusual geolocations, IPs, time of access, or ASNs

  • Pay particular attention to applications with default policy rules that are not customer configurable including Microsoft Office 365 and Radius.

Timeline

  • 2024-07-17 - Vulnerability was introduced as part of a standard Okta release

  • 2024-09-27 - Vulnerability identified and PSIRT activated

  • 2024-09-27 to 2024-10-03 - Development of patches and extensive testing

  • 2024-10-04 - All vulnerable products patched in production and preview