Okta Browser Plugin is available on multiple browsers, including Edge, Chrome, Safari, and Firefox. Across these browsers combined, the plugin has over 5 million users.
However, this plugin was discovered to have a Cross-site Scripting vulnerability that could allow threat actors to execute arbitrary JavaScript code.
Okta acted swiftly upon the report and published a security advisory to address this vulnerability.
Versions 6.5.0 through 6.31.0 of the Okta Browser Plugin for Chrome, Edge, Firefox, and Safari were identified as affected by the issue.
According to the Okta advisory, this vulnerability was assigned CVE-2024-0981, and its severity was given as 7.1 (High).
The flaw is triggered when a user enters new credentials and the plugin prompts the user to save them with Okta Personal.
However, Workforce Identity Cloud users are not affected unless Okta Personal has been added to the browser plugin in order to enable multi-account views.
Additionally, Okta admin users can run the following query to find users who are still running an outdated version of the plugin:
debugContext.debugData.oktaUserAgentExtended ne "okta-browser-plugin/6.32.0" and debugContext.debugData.oktaUserAgentExtended co "okta-browser-plugin/"
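The query above is an exact-string inequality, so any plugin build other than 6.32.0 (including releases newer than the fix) would match it. The added example below, which is not part of the advisory or of Okta's tooling, applies the filter literally to constructed System Log records and, alongside it, a version comparison that flags only builds older than 6.32.0; the event records, user names and the assumption that oktaUserAgentExtended carries a bare "okta-browser-plugin/x.y.z" string are all constructed for illustration.

```python
import json
import re

# Constructed sample of Okta System Log events (not real data). Only the two
# fields the advisory's filter touches are modelled.
SAMPLE_EVENTS = json.dumps([
    {"actor": {"alternateId": "alice@example.com"},
     "debugContext": {"debugData": {"oktaUserAgentExtended": "okta-browser-plugin/6.30.1"}}},
    {"actor": {"alternateId": "bob@example.com"},
     "debugContext": {"debugData": {"oktaUserAgentExtended": "okta-browser-plugin/6.32.0"}}},
    {"actor": {"alternateId": "carol@example.com"},
     "debugContext": {"debugData": {"oktaUserAgentExtended": "okta-browser-plugin/6.33.0"}}},
    {"actor": {"alternateId": "dave@example.com"},
     "debugContext": {"debugData": {"oktaUserAgentExtended": "Mozilla/5.0 Chrome/120"}}},
    {"actor": {"alternateId": "erin@example.com"},
     "debugContext": {"debugData": {}}},
])

FIXED_VERSION = (6, 32, 0)  # first fixed release named in the advisory
PLUGIN_RE = re.compile(r"okta-browser-plugin/(\d+)\.(\d+)\.(\d+)")


def _user_agent(event):
    """Pull debugContext.debugData.oktaUserAgentExtended, '' when absent."""
    return event.get("debugContext", {}).get("debugData", {}).get("oktaUserAgentExtended", "")


def literal_filter_matches(events_json):
    """Apply the advisory's filter as written: 'co okta-browser-plugin/' and
    'ne okta-browser-plugin/6.32.0' (exact string inequality)."""
    users = []
    for ev in json.loads(events_json):
        ua = _user_agent(ev)
        if "okta-browser-plugin/" in ua and ua != "okta-browser-plugin/6.32.0":
            users.append(ev["actor"]["alternateId"])
    return sorted(users)


def outdated_plugin_users(events_json, fixed=FIXED_VERSION):
    """Flag only plugin versions older than the fixed release, so newer
    builds (e.g. 6.33.0) are not reported as outdated."""
    users = []
    for ev in json.loads(events_json):
        m = PLUGIN_RE.search(_user_agent(ev))
        if m and tuple(int(x) for x in m.groups()) < fixed:
            users.append((ev["actor"]["alternateId"], ".".join(m.groups())))
    return sorted(users)


if __name__ == "__main__":
    print("literal filter:", literal_filter_matches(SAMPLE_EVENTS))
    print("version compare:", outdated_plugin_users(SAMPLE_EVENTS))
```

On the constructed sample, the literal filter reports both the 6.30.1 and the 6.33.0 user, while the version comparison reports only the 6.30.1 user.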
More than 100 million users use Okta to save their credentials and connect to applications both inside and outside of their organizations. In addition, the Okta Browser Plugin offers multiple features, such as
Affected Products | Fixed in Versions
Okta Browser Plugin versions 6.5.0 through 6.31.0 (Chrome/Edge/Firefox/Safari) | Okta Browser Plugin version 6.32.0 for Chrome/Edge/Safari
It is recommended that users of this plugin upgrade to the latest versions to prevent threat actors from exploiting this vulnerability.