Four recently found attack vectors could result in account takeover, PII disclosure, and potentially organizational data destruction. According to a paper released on Tuesday, researchers have found four “high impact” security flaws in Okta’s identity and access management (IAM) technology.
The risks include the transmission of passwords and other data over unencrypted HTTP channels, cleartext password leakage via SCIM (the System for Cross-domain Identity Management), default configurations that allow administrators to access the IT environments of other organizations, and mutable identity log spoofing. Attackers who exploit these vulnerabilities could steal authentication data, gain access to private financial and personal information, and disrupt IT environments managed through Okta.
The recently identified Okta vulnerabilities could give external attackers or malicious insiders access to passwords, let them take over administrator accounts, or even allow them to destroy all of an organization’s data.