Vulnerabilities > Okta > Verify > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-01 CVE-2024-9191 Incorrect Default Permissions vulnerability in Okta Verify
The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins.
local
low complexity
okta CWE-276
7.8
2024-08-07 CVE-2024-7061 Uncontrolled Search Path Element vulnerability in Okta Verify
Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking.
local
low complexity
okta CWE-427
7.8