U.S. identity and access management company Okta is urging organizations leveraging Okta Classic to examine Okta System Logs to determine abuse of a recently addressed sign-on policy bypass flaw.
The flaw could facilitate unauthorized app access among attackers with valid credentials, application-specific sign-on policies, and "unknown" user agents, according to SC Media.
Aside from reviewing "unknown" authentications from user agents between July 17 and October 4, when the issue was fixed, organizations should also monitor activity before the said date; look for failed authentication attempts potentially suggesting credential-based intrusions before successful authentication; observe unusual activity; and be vigilant of suspicious activity in Microsoft Office 365 and other apps with non-customer configurable policy rules, said Okta in an advisory to its customers.
Such exploitation should prompt Okta Classic customers to immediately strengthen the defenses of user accounts and their sign-on policies' authentication requirements, said Sectigo senior fellow Jason Soroko.
