Okta Browser Plugin Vulnerable To Reflected Cross-Site Scripting Attacks
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Okta Browser Plugin is available on multiple browsers like Edge, Chrome, Safari, and Firefox. Combining all these browsers, the plugin has over 5 million users.
However, this plugin was discovered to have a Cross-site Scripting vulnerability that could allow threat actors to execute arbitrary Javascript code.
Okta acted swiftly upon the report and published asecurity advisoryto address this vulnerability.
Versions 6.5.0 through 6.31.0 of the Okta Browser Plugin for Chrome, Edge, Firefox, and Safari were identified as affecting the issue.
(Source: Cyber Security News)
Okta Browser Plugin Vulnerability
According to the Okta advisory, this vulnerability was assigned CVE-2024-0981, and its severity was given as 7.1 ( High ).
This flaw arises when users input the new credentials, and the plugin prompts users to save the credentials with Okta Personal.
However, this vulnerability does not affect Workforce Identity Cloud users if Okta Personal is not added to the browser plugin that is used to enable multi-account views.
Additionally, Okta Admin users can run the following query to search for users who are still using an outdated version of this plugin.
debugContext.debugData.oktaUserAgentExtended ne “okta-browser-plugin/6.32.0” and debugContext.debugData.oktaUserAgentExtended co “okta-browser-plugin/”
More than 100 million users use Okta to save their credentials and connect to applications both inside and outside of their organizations. In addition, the Okta Browser Plugin offers multiple features, such as
Affected Products And Fixed In Versions
Affected Products Fixed in Versions Okta Browser Plugin versions 6.5.0 through 6.31.0(Chrome/Edge/Firefox/Safari)Okta Browser Plugin version 6.32.0 for Chrome/Edge/Safari
It is recommended that users of this plugin upgrade to the latest versions to prevent threat actors from exploiting this vulnerability.
#Cyber_Security #Cyber_Security_News #Vulnerability #Web_Security #Cross-Site_Scripting #cyber_security #cyber_security_news #Okta_Browser_Plugin
Оригинальная версия на сайте:
Okta Browser Plugin Vulnerable To Reflected Cross-Site Scripting Attacks
Author: EswarOkta Browser Plugin is available on multiple browsers like Edge, Chrome, Safari, and Firefox. Combining all these browsers, the plugin has over 5 million users.
However, this plugin was discovered to have a Cross-site Scripting vulnerability that could allow threat actors to execute arbitrary Javascript code.
Okta acted swiftly upon the report and published asecurity advisoryto address this vulnerability.
Versions 6.5.0 through 6.31.0 of the Okta Browser Plugin for Chrome, Edge, Firefox, and Safari were identified as affecting the issue.
(Source: Cyber Security News)Okta Browser Plugin Vulnerability
According to the Okta advisory, this vulnerability was assigned CVE-2024-0981, and its severity was given as 7.1 ( High ).
This flaw arises when users input the new credentials, and the plugin prompts users to save the credentials with Okta Personal.
However, this vulnerability does not affect Workforce Identity Cloud users if Okta Personal is not added to the browser plugin that is used to enable multi-account views.
Additionally, Okta Admin users can run the following query to search for users who are still using an outdated version of this plugin.
debugContext.debugData.oktaUserAgentExtended ne “okta-browser-plugin/6.32.0” and debugContext.debugData.oktaUserAgentExtended co “okta-browser-plugin/”
More than 100 million users use Okta to save their credentials and connect to applications both inside and outside of their organizations. In addition, the Okta Browser Plugin offers multiple features, such as
- Automatically sign in to your business and personal apps with just one click
- Add your own apps into Okta
- Quickly generate strong, random passwords on the fly for all your apps
- Easily access your Okta dashboard apps and tabs
- Seamlessly and securely switch between multiple Okta accounts
Affected Products And Fixed In Versions
Affected Products Fixed in Versions Okta Browser Plugin versions 6.5.0 through 6.31.0(Chrome/Edge/Firefox/Safari)Okta Browser Plugin version 6.32.0 for Chrome/Edge/Safari
It is recommended that users of this plugin upgrade to the latest versions to prevent threat actors from exploiting this vulnerability.
#Cyber_Security #Cyber_Security_News #Vulnerability #Web_Security #Cross-Site_Scripting #cyber_security #cyber_security_news #Okta_Browser_Plugin
Оригинальная версия на сайте:
