Okta Post-Exploitation Method Exposes User Passwords

23-Mar-23

Passwords that are accidentally entered into the username field of the platform are saved to audit logs, where threat actors can read them and use them to compromise business services. Researchers have discovered a post-exploitation attack technique against Okta, the identity access and management (IAM) provider, that lets adversaries read cleartext user passwords and acquire extensive access to a corporate environment.

When a user unintentionally types their passwords in the “username” field when logging in, the IAM system saves them to audit logs, according to research by Mitiga. Threat actors with access to a company’s system can then easily harvest them, escalate privileges, and obtain access to several corporate assets that use Okta, the researchers added.
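The defensive response is to find such entries in the System Log before an attacker does and reset the affected accounts. The following detection is an added example, not code from Mitiga or Okta: it assumes the Okta System Log field layout (`eventType`, `outcome.result`, `actor.alternateId`, `client.ipAddress`, `published`), an organisation username format of `user@example.com` (adjust `ORG_USER_RE`), and constructed sample events.

```python
"""Flag Okta System Log failed logins whose 'username' looks like a password,
and correlate each with the next successful login from the same IP so the
account that probably leaked its password can be reset."""
from datetime import datetime, timedelta
import re

ORG_USER_RE = re.compile(r"^[a-z0-9._%+-]+@example\.com$", re.I)  # assumed org format
CORRELATE_WINDOW = timedelta(minutes=5)  # assumed: user retries within a few minutes

# Constructed sample events (not real log data) in the Okta System Log layout.
SAMPLE_EVENTS = [
    {"eventType": "user.session.start", "published": "2023-03-23T10:00:01.000Z",
     "outcome": {"result": "FAILURE", "reason": "VERIFICATION_ERROR"},
     "actor": {"alternateId": "Summer2023!Okta"}, "client": {"ipAddress": "203.0.113.10"}},
    {"eventType": "user.session.start", "published": "2023-03-23T10:00:20.000Z",
     "outcome": {"result": "SUCCESS"},
     "actor": {"alternateId": "alice@example.com"}, "client": {"ipAddress": "203.0.113.10"}},
    {"eventType": "user.session.start", "published": "2023-03-23T11:00:00.000Z",
     "outcome": {"result": "FAILURE", "reason": "VERIFICATION_ERROR"},
     "actor": {"alternateId": "bob@example.com"}, "client": {"ipAddress": "198.51.100.7"}},
]


def _ts(event):
    return datetime.strptime(event["published"], "%Y-%m-%dT%H:%M:%S.%fZ")


def find_leaked_password_candidates(events):
    """Return (redacted_value, probable_user) pairs. A failed login whose entered
    username does not match the org format is treated as a likely password; the
    probable owner is the next SUCCESS from the same IP inside CORRELATE_WINDOW."""
    events = sorted(events, key=_ts)
    findings = []
    for i, ev in enumerate(events):
        if ev["eventType"] != "user.session.start" or ev["outcome"]["result"] != "FAILURE":
            continue
        entered = ev["actor"]["alternateId"]
        if ORG_USER_RE.match(entered):
            continue  # a real-looking username: an ordinary bad-password attempt
        probable_user = None
        for later in events[i + 1:]:
            if _ts(later) - _ts(ev) > CORRELATE_WINDOW:
                break
            if (later["outcome"]["result"] == "SUCCESS"
                    and later["client"]["ipAddress"] == ev["client"]["ipAddress"]):
                probable_user = later["actor"]["alternateId"]
                break
        # Never copy the raw value into a ticket or a second log; keep only its length.
        findings.append((f"<redacted:{len(entered)} chars>", probable_user))
    return findings
```

Each finding should trigger a password reset for the probable user and purging or access-restriction of the log entry, since the value itself remains readable to anyone with System Log access.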