Okta Post-Exploitation Method Exposes User Passwords
Okta Post-Exploitation Method Exposes User Passwords
27 March 2023
Researchers from Mitiga discovered that the IAM system saves Okta user passwords to audit logs if a user accidentally types them in the "username" field when logging in, thereby allowing threat actors with access to a company system to harvest them.