
Okta Browser Plugin Vulnerable To Reflected Cross-Site Scripting Attacks

Okta Browser Plugin is available on multiple browsers like Edge, Chrome, Safari, and Firefox. Combining all these browsers, the plugin has over 5 million users.

However, this plugin was discovered to have a cross-site scripting vulnerability that could allow threat actors to execute arbitrary JavaScript code in the user's browser.

Okta acted swiftly upon the report and published a security advisory to address this vulnerability.


Versions 6.5.0 through 6.31.0 of the Okta Browser Plugin for Chrome, Edge, Firefox, and Safari were identified as affected by the issue.

(Source: Cyber Security News)

Okta Browser Plugin Vulnerability

According to the Okta advisory, this vulnerability was assigned CVE-2024-0981, and its severity was given as 7.1 (High).

This flaw arises when a user enters new credentials and the plugin prompts the user to save them with Okta Personal.

However, this vulnerability does not affect Workforce Identity Cloud users if Okta Personal is not added to the browser plugin that is used to enable multi-account views.

Additionally, Okta Admin users can run the following query to search for users who are still using an outdated version of this plugin.

debugContext.debugData.oktaUserAgentExtended ne "okta-browser-plugin/6.32.0" and debugContext.debugData.oktaUserAgentExtended co "okta-browser-plugin/"
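As an added example (not from the article or from Okta), the following Python applies the advisory's affected range to a constructed sample of System Log events, using the same field name the query above reads. It also reproduces the query's literal string test, which flags any version other than exactly 6.32.0, so a version-aware comparison is shown beside it; all logins and the 6.33.0 version are made-up values.

```python
import re
from typing import Iterable, Optional, Tuple

# Affected range stated in the Okta advisory for CVE-2024-0981: 6.5.0 through 6.31.0.
AFFECTED_MIN = (6, 5, 0)
AFFECTED_MAX = (6, 31, 0)
UA_RE = re.compile(r"okta-browser-plugin/(\d+)\.(\d+)\.(\d+)")

def _event(login: str, ua: Optional[str]) -> dict:
    """Build a minimal System Log-shaped event (constructed sample, not real log data)."""
    debug = {"oktaUserAgentExtended": ua} if ua is not None else {}
    return {"actor": {"alternateId": login}, "debugContext": {"debugData": debug}}

# Constructed sample events; 6.33.0 is a hypothetical future version used only for illustration.
SAMPLE_EVENTS = [
    _event("alice@example.com", "okta-browser-plugin/6.31.0"),   # in affected range
    _event("bob@example.com", "okta-browser-plugin/6.32.0"),     # fixed version
    _event("carol@example.com", "okta-browser-plugin/6.4.2"),    # older than the affected range
    _event("dave@example.com", "okta-browser-plugin/6.33.0"),    # hypothetical newer version
    _event("erin@example.com", None),                            # no plugin user agent at all
]

def _ua(event: dict) -> str:
    return event.get("debugContext", {}).get("debugData", {}).get("oktaUserAgentExtended", "")

def plugin_version(event: dict) -> Optional[Tuple[int, int, int]]:
    """Return the plugin version as an int tuple, or None if the event carries no plugin UA."""
    m = UA_RE.search(_ua(event))
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(version: Optional[Tuple[int, int, int]]) -> bool:
    """True when the version lies inside the advisory's affected range (inclusive)."""
    return version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX

def matches_advisory_filter(event: dict) -> bool:
    """String semantics of the advisory query: contains the plugin prefix and is not exactly 6.32.0."""
    ua = _ua(event)
    return "okta-browser-plugin/" in ua and ua != "okta-browser-plugin/6.32.0"

def affected_users(events: Iterable[dict]) -> list:
    """Sorted, de-duplicated logins whose plugin version falls in the affected range."""
    return sorted({e["actor"]["alternateId"] for e in events if is_affected(plugin_version(e))})

def filter_hits(events: Iterable[dict]) -> list:
    """Sorted logins the literal query would return; note it also includes 6.4.2 and 6.33.0."""
    return sorted({e["actor"]["alternateId"] for e in events if matches_advisory_filter(e)})
```

Running `affected_users(SAMPLE_EVENTS)` returns only the login on 6.31.0, while `filter_hits(SAMPLE_EVENTS)` also returns the 6.4.2 and 6.33.0 logins, so the query is best treated as a broad first pass before confirming versions.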

More than 100 million users use Okta to save their credentials and connect to applications both inside and outside of their organizations. In addition, the Okta Browser Plugin offers multiple features, such as:

  • Automatically sign in to your business and personal apps with just one click
  • Add your own apps into Okta
  • Quickly generate strong, random passwords on the fly for all your apps
  • Easily access your Okta dashboard apps and tabs
  • Seamlessly and securely switch between multiple Okta accounts

Affected Products And Fixed In Versions

Affected Products: Okta Browser Plugin versions 6.5.0 through 6.31.0 (Chrome/Edge/Firefox/Safari)
Fixed in Versions: Okta Browser Plugin version 6.32.0 for Chrome/Edge/Safari

It is recommended that users of this plugin upgrade to the latest versions to prevent threat actors from exploiting this vulnerability.


Eswar

Eswar is a cyber security reporter with a passion for creating captivating and informative content. With years of experience in cyber security, he reports on data breaches, privacy, and APT threats.
