Okta’s login flaw exposes users to attack, says Mitiga

According to Mitiga, Okta’s login system contains a simple error that could expose its users to future attacks.

Users are inadvertently typing their passwords into the username field during login. As a result, information from failed login attempts is stored in plain text in audit logs that track user behavior on the network. Mitiga discovered that this information is easily accessible and could be shared with third-party security vendors for Okta customers, potentially allowing attackers to compromise Okta user accounts and access any resources or applications they may have access to.

Mitiga discovered that attackers could potentially read users’ passwords and credentials stored in Okta audit logs. Furthermore, audit logs provide detailed information about user activity, such as usernames, IP addresses, and login timestamps. The logs also reveal whether login attempts were successful or unsuccessful, as well as whether they were made through a web browser or a mobile app.

Passwords were also found in the username field of failed login attempts. Hence, an attacker could attempt to log in as a user on any of the organization’s platforms that use Okta single sign-on (SSO). Furthermore, in the case of exposed administrator passwords, this information could be used to escalate privileges.

To gain access to user information, the attacker only needs to be able to read Okta audit logs. For example, an attacker with access to the SIEM product’s logs could steal user credentials.

Third-party services that integrate with Okta, such as CSPM products, could also request a “Read-only” Administrator role, which would allow them to read environment information, including audit logs. If those services or products are breached during a supply-chain attack, attackers can steal Okta users’ credentials.

The sources for this piece include an article in Axios.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web