The Latest in IT Security

Okta Post-Exploitation Method Exposes User Passwords

23 Mar 2023

A post-exploitation attack method has been uncovered that allows adversaries to read cleartext user passwords for Okta, the identity and access management (IAM) provider, and gain far-ranging access into a corporate environment.

Researchers from Mitiga discovered that the IAM system saves Okta user passwords to audit logs if a user accidentally types them in the “username” field when logging in. Threat actors who have gained access to a company’s system can then easily harvest them, elevate privileges, and gain access across multiple enterprise assets that use Okta, the researchers said.
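
The following is an added example, not code from the article, Mitiga, or Okta: a defender-side sweep of exported audit records for failed logins whose "username" field looks like a password, so the entry can be purged and the affected account's password rotated. The flat record layout (`id`, `ts`, `ip`, `username`, `result`), the sample events, the five-minute window, and the password heuristic are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records. The flat field names (id, ts, ip, username, result)
# are assumptions for this example, not Okta's actual log schema.
SAMPLE_EVENTS = [
    {"id": "e1", "ts": "2023-03-23T09:00:05", "ip": "198.51.100.7", "username": "Tr0ub4dor&3x!", "result": "FAILURE"},
    {"id": "e2", "ts": "2023-03-23T09:00:41", "ip": "198.51.100.7", "username": "alice@example.com", "result": "SUCCESS"},
    {"id": "e3", "ts": "2023-03-23T09:10:00", "ip": "203.0.113.9", "username": "bob@example.com", "result": "FAILURE"},
    {"id": "e4", "ts": "2023-03-23T09:10:30", "ip": "203.0.113.9", "username": "bob@example.com", "result": "SUCCESS"},
    {"id": "e5", "ts": "2023-03-23T11:00:00", "ip": "192.0.2.44", "username": "Summer2023#go", "result": "FAILURE"},
]

USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")

def looks_like_password(value):
    """Heuristic: not an email-style username, and mixes 3+ character classes."""
    if USERNAME_RE.match(value) or len(value) < 8:
        return False
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return sum(bool(re.search(c, value)) for c in classes) >= 3

def find_exposed_accounts(events, window=timedelta(minutes=5)):
    """Return findings for failed logins whose username field looks like a password.

    Each finding names the event to purge and, when the same IP logs in
    successfully within `window`, the account whose password should be rotated.
    The suspicious value itself is never copied into the finding.
    """
    events = sorted(events, key=lambda e: e["ts"])
    findings = []
    for i, ev in enumerate(events):
        if ev["result"] != "FAILURE" or not looks_like_password(ev["username"]):
            continue
        t0 = datetime.fromisoformat(ev["ts"])
        account = None
        for later in events[i + 1:]:
            if datetime.fromisoformat(later["ts"]) - t0 > window:
                break
            if later["ip"] == ev["ip"] and later["result"] == "SUCCESS":
                account = later["username"]
                break
        findings.append({"event_id": ev["id"], "rotate_account": account})
    return findings

if __name__ == "__main__":
    for f in find_exposed_accounts(SAMPLE_EVENTS):
        print(f)
```

A finding with `rotate_account` set to `None` still marks a log entry that holds a likely credential and needs manual follow-up to identify its owner.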
