Okta Verify Agent Windows Flaw Let Attackers Steal User Passwords

Okta, a leading identity and access management company, has patched a critical vulnerability in its Verify agent for Windows that could allow attackers to steal user passwords.

The flaw, discovered during routine penetration testing, affects versions 5.0.2 to 5.3.2 of the Okta Verify agent for Windows.

The vulnerability tracked as CVE-2024-9191 is related to the Okta Device Access features.

It enables attackers with access to a compromised device to retrieve passwords associated with Desktop MFA passwordless logins through the OktaDeviceAccessPipe.

Build an in-house SOC or outsource SOC-as-a-Service -> Calculate Costs

Importantly, this vulnerability only affects users of the Okta Device Access passwordless feature. Customers using Okta Verify on other platforms or only using FastPass are not impacted.

Okta has addressed the issue in version 5.3.3 of the Verify agent for Windows. The company strongly recommends that all affected customers upgrade to this version or later to mitigate the risk.

The timeline of the vulnerability shows it was introduced on April 17, 2024, with version 5.0.2.

An Early Access version addressing the flaw was released on September 20, 2024, followed by a Generally Available release on October 25, 2024.

This incident highlights the importance of regular security audits and prompt patching. Okta users are advised to stay vigilant and keep their software up to date to protect against potential security threats.

As the vulnerability requires access to a compromised device, organizations should also focus on overall system security to prevent initial compromise attempts.

Run private, Real-time Malware Analysis in both Windows & Linux VMs. Get a 14-day free trial with ANY.RUN!