Your Okta passwords can be easily hacked, experts claim
Date:
Mon, 27 Mar 2023 10:25:21 +0000
Description:
In some cases, Okta passwords were allegedly stored in audit logs in plain text.
FULL STORY ======================================================================
A significant security flaw has reportedly been detected in identity and access management powerhouse Okta 's platform which could have given threat actors access to user login credentials, and ultimately access to any resources or applications they use.
Cybersecurity researchers from Mitiga found that in some cases, Okta
presented user passwords in audit logs, stored in plain text. Thus, should an unauthorized third party gain access to those logs, theyd be given the keys
to the kingdom. The researchers described this as a post-exploitation attack method.
Every login attempt is logged, the researchers explain. Sometimes, people mistakenly type in their password into the username field, which obviously results in a failed login attempt. However, as everythings logged, this gets logged, too, with the password being shown in plain text. MFA to the rescue
Okta also keeps other sensitive data in the logs, as well, the researchers found. Besides usernames, that includes IP addresses and login timestamps. Furthermore, the logs show if the login attempt was successful or not, and whether it was done via a web browser or a mobile app.
To mitigate the risk, Mitiga says, the best course of action is to set up multi-factor authentication (MFA). While the method is not foolproof, it will significantly lower the chances of threat actors using audit logs to compromise accounts.
After reaching out to Okta, the company confirmed Mitigas findings but played down the importance, saying admins are the only ones with access to the audit logs, and these should be trusted individuals, by default. Read more
Facebook stored hundreds of millions of user passwords in plain text
How to create a complicated yet memorable password
These are the best endpoint protection tools right now
Okta has reviewed the reported issue and confirmed that it is expected behavior when users mistakenly enter their password in the username field,
the company said. Okta logs failed login attempts and includes the erroneous username in the logs. These logs are only accessible to Okta administrators, who are the most privileged users in Okta and should be trusted not to engage in malicious activities.
Additionally, Okta recommends enforcing phishing-resistant multi-factor authentication to further enhance the security of the Okta platform. By default, MFA is enforced when accessing the Okta Admin console. A bad actor would not be able to access the admin console without providing additional factors for login. Similarly, admins can set up an Authentication Policy that requires additional MFA when logging in to specific applications, which would further restrict what actions a bad actor can perform. Check out the best firewalls today
======================================================================
Link to news story:
https://www.techradar.com/news/your-okta-passwords-can-be-easily-hacked-expert s-claim
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)