"Okta Exposes Passwords in Clear Text for Possible Theft"

Researchers from Authomize claim that Okta, an identity services provider, has major security issues that make it simple for an attacker to remotely access the platform, obtain plaintext passwords, pose as users of downstream applications, and edit logs to erase any traces of their previous visits. However, Okta told the researchers that the issues are features, not bugs, and that the platform works as intended. Last January, the threat group Lapsus$ claimed to have breached Okta using "superuser" account credentials and posted screenshots from internal systems. It was determined that the incident affected 366 Okta customers. Following the disclosure of the Okta breach earlier this year, the researchers focused their efforts on determining what types of actions a malicious actor could take if they gained even a minimal level of access to the Okta platform, according to Authomize CTO Gal Diskin. According to Diskin, Okta's password syncing architecture allows potential malicious actors to access passwords in plaintext, including admin credentials, even over encrypted channels. To do so, the attacker would need to be signed into the system as an app admin of a downstream app and then reconfigure the System for Cross-domain Identity Management (SCIM) integration to capture passwords for any Okta user. This article continues to discuss the security risks discovered in the Identity and Access Management (IAM) platform Okta.

Dark Reading reports "Okta Exposes Passwords in Clear Text for Possible Theft"
