Okta Post-Exploitation Method Exposes User Passwords

A post-exploitation attack method has been uncovered that allows adversaries to read cleartext user passwords for Okta, the identity and access management (IAM) provider, and gain far-ranging access into a corporate environment. Researchers from Mitiga discovered that the IAM system saves Okta user passwords to audit logs if a user accidentally types them in the “username”

Read full article on Dark Reading: Cloud

 

