Okta Exposes Passwords in Clear Text for Possible Theft

Published: 23/11/2024   Category: security




Researchers say Okta could allow attackers to easily exfiltrate passwords, impersonate other users, and alter logs to cover their tracks.



Identity services provider Okta has serious security flaws, researchers contend, that could easily let an attacker gain remote access to the platform, extract plaintext passwords, impersonate users of downstream applications, and alter logs to hide any evidence they were ever there.

That's according to researchers from Authomize. However, Okta said in a blog that "the issues are features, not bugs" and that the app works as designed.

Last January, the threat group Lapsus$ claimed to have breached Okta with superuser account credentials, posting screenshots it claimed to have grabbed from internal systems. It was determined that 366 Okta customers were potentially impacted in that incident, though Okta later said it had determined there were only two actual breaches.

"Following the news of the Okta breach earlier this year, we focused our efforts on understanding what sorts of actions a malicious actor could do if they achieved even a minimal level of access within the Okta platform," Authomize CTO Gal Diskin said in the team's security analysis this week.

Diskin explained that Okta's architecture for password syncing allows potential malicious actors to access passwords in plaintext, including admin credentials, even over encrypted channels. To do so, the attacker would need to be signed into the system as an app admin of a downstream app (examples include customer service agents or financial operations teams); from there, the person could reconfigure the System for Cross-domain Identity Management (SCIM) integration to obtain passwords for any Okta user in the organization.

"All that is needed for extracting the clear text passwords is for an actor to gain app admin privileges," according to the report. Given the constantly expanding number of users within organizations of all sizes, especially in enterprises, Diskin said that the probability of an app admin being compromised is "statistically quite high," with the Verizon Data Breach Investigations Report for 2022 finding that 82% of breaches involved human elements like stolen credentials and phishing. "More concerningly, these app admins are generally not treated as privileged identities."

For Okta's part, the passwords are in clear text because there is no standard, reliable protocol for syncing hashes, researchers noted. However, Authomize noted that Okta did pledge to have its product team take a closer look at the password-leak risks.
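The two defensive takeaways from the report are that app-admin grants should be treated as privileged changes and that a change to an app's SCIM provisioning settings by a freshly granted app admin is the sequence worth alerting on. The following script is an added example (not Okta's code, and not Authomize's tooling) that reviews a constructed audit-log window for exactly those two conditions. The log layout and the event-type names `app.admin.role.grant` and `app.provisioning.settings.update` are placeholders invented for the example; they are not Okta's real System Log event types, and a real deployment would map its own identity provider's event names onto these checks.

```python
"""Audit-log review for the two risks the article describes: app-admin role
grants that are not treated as privileged, and changes to an app's SCIM
provisioning settings (the step the report says an attacker would need).

Added example, not Okta's or Authomize's code. The log format and the
event-type names below are constructed placeholders, NOT Okta's real
System Log event types.
"""
from dataclasses import dataclass
from typing import Iterable

# Constructed event-type names (placeholders, not real Okta identifiers).
APP_ADMIN_GRANT = "app.admin.role.grant"
PROVISIONING_UPDATE = "app.provisioning.settings.update"


@dataclass(frozen=True)
class Alert:
    severity: str
    actor: str
    app: str
    reason: str


def review_events(events: Iterable[dict]) -> list[Alert]:
    """Walk the log once and emit alerts.

    - Every app-admin grant is flagged 'medium': the report's point is that
      these identities are generally not treated as privileged.
    - A provisioning change that turns on password push is 'high'; the same
      change made by someone who was granted app admin earlier in the same
      window is 'critical', since that is the sequence the report describes
      (a compromised app admin reconfigures SCIM).
    - Any other provisioning change is recorded at 'low' for review.
    """
    alerts: list[Alert] = []
    app_admins: dict[str, set[str]] = {}  # app -> actors granted admin in this window
    for ev in events:
        etype = ev.get("eventType")
        actor = ev.get("actor", "?")
        app = ev.get("targetApp", "?")
        if etype == APP_ADMIN_GRANT:
            app_admins.setdefault(app, set()).add(ev["grantee"])
            alerts.append(Alert("medium", actor, app,
                                f"app admin granted to {ev['grantee']}; treat as privileged"))
        elif etype == PROVISIONING_UPDATE:
            changes = ev.get("changes", {})
            push_pw = changes.get("pushPassword") is True
            recently_granted = actor in app_admins.get(app, set())
            if push_pw and recently_granted:
                severity = "critical"
            elif push_pw:
                severity = "high"
            else:
                severity = "low"
            reason = "provisioning settings changed"
            if push_pw:
                reason += ", password push enabled"
            alerts.append(Alert(severity, actor, app, reason))
    return alerts


# Constructed sample log window (not real log data).
SAMPLE_EVENTS = [
    {"eventType": "user.session.start", "actor": "alice", "targetApp": "-"},
    {"eventType": APP_ADMIN_GRANT, "actor": "superadmin",
     "targetApp": "helpdesk-app", "grantee": "bob"},
    {"eventType": PROVISIONING_UPDATE, "actor": "bob", "targetApp": "helpdesk-app",
     "changes": {"pushPassword": True, "scimBaseUrl": "https://example.invalid/scim"}},
    {"eventType": PROVISIONING_UPDATE, "actor": "carol", "targetApp": "finance-app",
     "changes": {"groupPush": True}},
]


def severities(events: Iterable[dict] = SAMPLE_EVENTS) -> list[str]:
    """Severity of each alert, in log order; handy for tests and dashboards."""
    return [a.severity for a in review_events(events)]


if __name__ == "__main__":
    for alert in review_events(SAMPLE_EVENTS):
        print(f"[{alert.severity}] actor={alert.actor} app={alert.app}: {alert.reason}")
```

On the sample window the script raises a medium alert for the grant to `bob`, a critical alert for `bob` enabling password push on the same app right afterwards, and a low-severity entry for `carol`'s unrelated group-push change. The "recently granted" correlation is deliberately limited to the events in the window passed in; a production version would look the grant up in a persisted role history rather than in the same batch.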
