
Authentication Risks Discovered in Okta Platform
2022-07-19 15:33

Researchers have discovered four "High impact" security risks in the identity and access management platform Okta, according to a Tuesday report.

Platforms like Okta also offer features such as password management and single sign-on, allowing users to log in more seamlessly and move from one software environment to another.

The newly discovered risks in Okta could allow hackers or malicious insiders to obtain passwords, take over administrator accounts, or even destroy an entire organization's data.

In the scenario the report describes, a corporation acquires a small company and connects the acquired company's Okta tenant as a spoke to its own main Okta tenant, which acts as the hub, leaving the default configuration in place.

A compromised admin from the acquired company's spoke can gain super admin privileges throughout the Okta hub by impersonating a super admin, and thereby obtains full, unlimited access to the corporation's entire collection of apps and services.

Okta offers a way to turn off username duplication, but "These controls are not set by default, making the user potentially insecure from the initial settings. Okta also does little in their guide to explain to their users that they may be at significant risk from these insecure default settings."


News URL

https://threatpost.com/risks-okta-sso/180249/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Okta 8 1 4 5 0 10