惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
aimingoo的专栏
aimingoo的专栏
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
Tailwind CSS Blog
J
Java Code Geeks
博客园_首页
Google Online Security Blog
Google Online Security Blog
Hugging Face - Blog
Hugging Face - Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
I
Intezer
P
Palo Alto Networks Blog
V
Vulnerabilities – Threatpost
雷峰网
雷峰网
O
OpenAI News
SecWiki News
SecWiki News
小众软件
小众软件
酷 壳 – CoolShell
酷 壳 – CoolShell
美团技术团队
N
News | PayPal Newsroom
Project Zero
Project Zero
Forbes - Security
Forbes - Security
IT之家
IT之家
A
Arctic Wolf
WordPress大学
WordPress大学
Jina AI
Jina AI
T
Tor Project blog
博客园 - 三生石上(FineUI控件)
S
Secure Thoughts
Google DeepMind News
Google DeepMind News
Attack and Defense Labs
Attack and Defense Labs
博客园 - 聂微东
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Privacy International News Feed
Cloudbric
Cloudbric
G
GRAHAM CLULEY
博客园 - 叶小钗
H
Hacker News: Front Page
腾讯CDC
量子位
Help Net Security
Help Net Security
人人都是产品经理
人人都是产品经理
C
Cyber Attacks, Cyber Crime and Cyber Security
月光博客
月光博客
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
宝玉的分享
宝玉的分享
爱范儿
爱范儿
L
Lohrmann on Cybersecurity
Hacker News - Newest:
Hacker News - Newest: "LLM"
Recorded Future
Recorded Future
C
CERT Recently Published Vulnerability Notes

Okta Trust

Okta Verify Desktop MFA for Windows Passwordless Login CVE-2024-9191 Okta Verify for iOS ContextExtension CVE-2024-10327 Okta Browser Plugin Reflected Cross-Site Scripting CVE-2024-0981 Okta Verify for Windows Auto-update Arbitrary Code Execution CVE-2024-0980 Okta Advanced Server Access Client CVE-2023-0093 Okta Access Gateway Advisory for CVE-2022-3602 and CVE-2022-3786 Okta Active Directory Agent CVE-2022-1697 Okta Advanced Server Access Client CVE-2022-1030 Okta Advanced Server Access Client CVE-2022-24295 Okta RADIUS Server Agent CVE-2021-45105 Okta On-Prem MFA Agent CVE-2021-45046 Okta RADIUS Server Agent CVE-2021-45046 Okta On-Prem MFA Agent CVE-2021-44228 Okta RADIUS Server Agent CVE-2021-44228 Okta On-Prem MFA Agent CVE-2021-45105 Okta Verify for Windows Privilege Escalation CVE-2024-7061 Okta LDAP Agent CVE-2023-0392 - Sep 19, 2023 Okta AD/LDAP Delegated Authentication - Username Above 52 Characters Security Advisory Okta Access Gateway CVE-2021-28113 - Apr 2, 2021
Okta Classic Application Sign-On Policy Bypass
Okta, Inc. · 2024-10-04 · via Okta Trust

Description

On September 27, 2024, a vulnerability was identified in specific Okta configurations whereby ​​an attacker with valid credentials could bypass configured conditions within application-specific sign-on policies. These conditions could include use of network zones, device-type restrictions or authentication requirements set outside of the Global Session Policy. After investigation, we determined that this vulnerability was introduced as part of a release that occurred on July 17th, 2024.

Affected product and versions

  • Okta Classic as of July 17, 2024 

Resolution

This vulnerability was resolved in Okta’s production environment on October 4, 2024. 

Severity Details

If the vulnerability was exploited, unauthorized access to applications associated with the application sign-on policies could be obtained. Exploitation of the vulnerability required all of the following conditions:

  1. Possession of a valid username and password;

  2. Org configured with application-specific sign-on policies;

  3. The use of a user-agent Okta evaluates as an “unknown” device type (for example Python scripts and uncommon browser types)

Customer Recommendations

Customers who were on Okta Classic as of July 17, 2024, and who meet the above conditions are advised to review the Okta System Log for unexpected authentications from user-agents evaluated by Okta as “unknown” between July 17, 2024 and October 4, 2024 using the following query: outcome.result eq "SUCCESS" and (client.device eq "Unknown" OR client.device eq "unknown") and eventType eq "user.authentication.sso"

Furthermore, Okta recommends customers:

  • Search for activity prior to July 17, 2024. If a user authenticated to the same application with the same "unknown" user-agent, this suggests that the more recent event was authorized.

  • Search for unsuccessful authentication attempts that may indicate a credential-based attack (such as credential stuffing or password spray events) immediately prior to a successful authentication event for the user, this suggests that the more recent event was not authorized.

  • Search for activity that deviates from previous user behavior such as unusual geolocations, IPs, time of access, or ASNs

  • Pay particular attention to applications with default policy rules that are not customer configurable including Microsoft Office 365 and Radius.

Timeline

  • 2024-07-17 - Vulnerability was introduced as part of a standard Okta release

  • 2024-09-27 - Vulnerability identified and PSIRT activated

  • 2024-09-27 to 2024-10-03 - Development of patches and extensive testing

  • 2024-10-04 - All vulnerable products patched in production and preview