Okta Post-Exploitation Method Exposes User Passwords

From darkreading.com

A post-exploitation attack method has been uncovered that allows adversaries to read cleartext user passwords for Okta, the identity and access management (IAM) provider — and gain far-ranging access into a corporate environment.

Researchers from Mitiga discovered that the IAM system saves Okta user passwords to audit logs if a user accidentally types them in the “username” field when logging in. Threat actors who have gained access to a company’s system can then easily harvest them, elevate privileges, and gain access across multiple enterprise assets that use Okta, the researchers said.
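The pattern the researchers describe lends itself to a defender-side check. The following is an added example, not code from the article, Mitiga or Okta: it scans constructed Okta-style System Log lines for a failed sign-in whose typed "username" looks like a password and is followed shortly by a successful sign-in from the same client address, then reports the account to rotate (and the log record to redact) without echoing the suspected secret. The field names (eventType, outcome.result, actor.alternateId, client.ipAddress, published), the org domain and the heuristics are assumptions.

```python
import json
import math
from collections import Counter
from datetime import datetime, timedelta

ORG_DOMAIN = "example.com"                 # assumption: the tenant's expected login domain
CORRELATION_WINDOW = timedelta(minutes=5)  # a success this soon after the typo confirms the pairing

# Constructed sample log lines shaped like Okta System Log JSON (field names are assumptions).
SAMPLE_LOG_LINES = [json.dumps(e) for e in [
    {"eventType": "user.session.start", "outcome": {"result": "FAILURE"}, "published": "2023-03-20T10:00:00Z",
     "actor": {"alternateId": "alice@example.com"}, "client": {"ipAddress": "203.0.113.5"}},
    # the user typed a password into the username field, so it lands in the actor id
    {"eventType": "user.session.start", "outcome": {"result": "FAILURE"}, "published": "2023-03-20T10:00:07Z",
     "actor": {"alternateId": "C0rrect-H0rse-Batt3ry!"}, "client": {"ipAddress": "203.0.113.5"}},
    {"eventType": "user.session.start", "outcome": {"result": "SUCCESS"}, "published": "2023-03-20T10:00:15Z",
     "actor": {"alternateId": "alice@example.com"}, "client": {"ipAddress": "203.0.113.5"}},
    {"eventType": "user.session.start", "outcome": {"result": "FAILURE"}, "published": "2023-03-20T11:00:00Z",
     "actor": {"alternateId": "bob@example.com"}, "client": {"ipAddress": "198.51.100.9"}},
]]

def looks_like_secret(value: str) -> bool:
    """Heuristic: the username field holds something other than a login identifier."""
    if value.lower().endswith("@" + ORG_DOMAIN):
        return False
    classes = sum(any(f(ch) for ch in value)
                  for f in (str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum()))
    entropy = -sum(n / len(value) * math.log2(n / len(value)) for n in Counter(value).values())
    return len(value) >= 8 and classes >= 3 and entropy > 3.0

def _ts(event):
    return datetime.fromisoformat(event["published"].replace("Z", "+00:00"))

def find_leaked_credentials(log_lines):
    """Return (account, failure_time, client_ip) for each suspected password-in-username event
    followed by a successful sign-in from the same address; the typed value is never returned."""
    events = [json.loads(line) for line in log_lines]
    findings = []
    for ev in events:
        if ev["eventType"] != "user.session.start" or ev["outcome"]["result"] != "FAILURE":
            continue
        if not looks_like_secret(ev["actor"]["alternateId"]):
            continue
        ip, t = ev["client"]["ipAddress"], _ts(ev)
        for later in events:
            if (later["eventType"] == "user.session.start" and later["outcome"]["result"] == "SUCCESS"
                    and later["client"]["ipAddress"] == ip and t < _ts(later) <= t + CORRELATION_WINDOW):
                findings.append((later["actor"]["alternateId"], ev["published"], ip))
                break
    return findings
```

Each finding identifies the account whose password should be rotated and the timestamp of the log record that should be purged or redacted from every system the logs were forwarded to.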
