all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Okta Customers Exposed to Risk of Password Theft and Impersonation in PassBleed Attacks

Add to bookmarks
c
Aug. 2, 2022, 9:10 a.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally published by Authomize here.
Written by Gabriel Avner, Authomize.
Authomize’s Security Research Lab has uncovered a set of inherent risks in the popular Identity Provider Okta that put users at risk of potential compromise and exploitation.
According to Authomize’s CTO and Co-founder Gal Diskin, the risky security exposure is a flawed yet intentional design that opens the door to exploitation, and not simply a coding mistake.
“Our team discovered this risky architecture durin...

attacks customers exposed impersonation okta password risk theft

Visit resource

More from cloudsecurityalliance.org / Cloud Security Alliance

Cl
From gatekeeper to guardian: Why CISOs must embrace their inner business superhero 5 days, 7 hours ago | cloudsecurityalliance.org
business ciso cisos firewalls +6
Cl
Cantwell Proposes Legislation to Create a Blueprint for AI Innovation and Security 5 days, 7 hours ago | cloudsecurityalliance.org
cantwell chair commerce european union +13
Cl
Sealing Pandora's Box - The Urgent Need for Responsible AI Governance 5 days, 7 hours ago | cloudsecurityalliance.org
ai governance attention box code +15
Cl
Remote Code Execution (RCE) Lateral Movement Tactics in Cloud Exploitation 5 days, 7 hours ago | cloudsecurityalliance.org
can cloud code code execution +16
Cl
Protocols are Passé. APIs are Key for Effective Zero Trust Implementation. 6 days, 8 hours ago | cloudsecurityalliance.org
apis chandra engineer experts +17
Cl
Powerful Cloud Permissions You Should Know: Part 2 1 week, 4 days ago | cloudsecurityalliance.org
access amp att blog +13
Cl
Navigating Your Cloud Journey in 2024: Key Resources from the Cloud Security Alliance 1 week, 4 days ago | cloudsecurityalliance.org
advancement alliance challenges cloud +19
Cl
Why Do SOC Reports Have to Be Issued By a CPA Firm? 1 week, 4 days ago | cloudsecurityalliance.org
american attestation chris manager +6
Cl
Insider Data Breach at US Telecom Provider is a Wake-Up Call for HR Information Systems … 1 week, 4 days ago | cloudsecurityalliance.org
adaptive shield breach call data +17

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

GG9b-Assoc Eng II, Services

@ HARMAN International | IN Bengaluru EOIZ Indust Area Campus HCS
View on infosec-jobs.com

Lead Security Operations Engineer

@ S&P Global | US - NY New York City - 55 WATER ST 35 HRS
View on infosec-jobs.com

Information Systems Security Manager (ISSM)

@ STR | Arlington, VA
View on infosec-jobs.com

Sr. Site Reliability Engineer - Incident Response

@ HashiCorp | India - Bengaluru
View on infosec-jobs.com

Function Cluster Architect Product Security

@ ASML | Veldhoven, Building 03, Netherlands
View on infosec-jobs.com
View more jobs