
Researchers discover way to impersonate Okta user in popular cloud environments

posted on August 29, 2022
by l33tdawg
SC Magazine
Credit: SC Magazine

Researchers on Monday reported an impersonation technique in Okta that lets an Okta administrator give themselves, or another user, the rights of an impersonated user in a downstream application or environment such as Azure, Google Cloud Platform, or AWS.

In a blog post, Permiso Security and ACV Auctions said that, based on the "in the wild" detections they reviewed, the technique is also an effective way to bypass multi-factor authentication (MFA): the impersonator may have had to pass their own MFA check to reach the Okta portal, but they are not asked for a second MFA verification in the context of the impersonated user when they sign in to the downstream application. Ian Ahl, vice president of P0 Labs at Permiso, explained how this works:

“In Okta, you have your normal username that you log into Okta with, but you can also have application-specific usernames. The impersonation technique takes advantage of being able to have different application usernames. The attacker simply modifies the application username to be the identity they wish to impersonate. The attacker would then log on to the Okta portal with their normal identity (john@example.com) and then click on the AWS app, for example, which is now configured to (sally@example.com), allowing them to authenticate into AWS as Sally.”
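A detection sketch for the behaviour described above, written as an added example for this page; it is not code from Permiso, ACV Auctions or Okta. It assumes events shaped like Okta System Log records (an `eventType`, `actor.alternateId` holding the actor's Okta login, and a `target` list whose `AppUser` entry carries the application-specific username); the event type names `application.user_membership.change_username` and `user.authentication.sso`, the sample log lines, and the `KNOWN_LOGINS` directory are all assumptions constructed for the example and should be checked against a real tenant. The rule deliberately does not alert on every app username that differs from the Okta login, since many applications legitimately use short or legacy usernames; it alerts only when an app username is set to, or used as, the login of a different Okta user.

```python
"""Detect Okta application-username impersonation from System Log style events.

Added example; the event schema and sample records below are constructed
assumptions, not real tenant data. Verify field names against your tenant.
"""
import json

# Assumed event type names (confirm in your own System Log).
CHANGE_USERNAME_EVENT = "application.user_membership.change_username"
SSO_EVENT = "user.authentication.sso"

# Constructed directory of Okta logins in the tenant.
KNOWN_LOGINS = {"john@example.com", "sally@example.com", "admin@example.com"}

# Constructed newline-delimited JSON records, one event per line.
SAMPLE_LOG = """
{"eventType": "application.user_membership.change_username", "actor": {"type": "User", "alternateId": "admin@example.com"}, "target": [{"type": "AppUser", "alternateId": "sally@example.com"}, {"type": "User", "alternateId": "john@example.com"}, {"type": "AppInstance", "displayName": "AWS Account Federation"}]}
{"eventType": "user.authentication.sso", "actor": {"type": "User", "alternateId": "john@example.com"}, "target": [{"type": "AppInstance", "displayName": "AWS Account Federation"}, {"type": "AppUser", "alternateId": "sally@example.com"}]}
{"eventType": "user.authentication.sso", "actor": {"type": "User", "alternateId": "john@example.com"}, "target": [{"type": "AppInstance", "displayName": "GitHub"}, {"type": "AppUser", "alternateId": "john@example.com"}]}
{"eventType": "application.user_membership.change_username", "actor": {"type": "User", "alternateId": "admin@example.com"}, "target": [{"type": "AppUser", "alternateId": "jdoe"}, {"type": "User", "alternateId": "john@example.com"}, {"type": "AppInstance", "displayName": "Legacy HR"}]}
"""


def parse_events(raw: str) -> list:
    """Parse newline-delimited JSON records, skipping blank lines."""
    return [json.loads(line) for line in raw.splitlines() if line.strip()]


def _target(event: dict, kind: str):
    """Return the first target entry of the given type, or None."""
    for entry in event.get("target", []):
        if entry.get("type") == kind:
            return entry
    return None


def _norm(value):
    """Lower-case a login so that case differences do not hide a match."""
    return value.lower() if isinstance(value, str) else None


def detect(events: list, known_logins: set) -> list:
    """Return findings where an app username collides with another Okta user's login."""
    logins = {_norm(login) for login in known_logins}
    findings = []
    for ev in events:
        etype = ev.get("eventType")
        actor = _norm(ev.get("actor", {}).get("alternateId"))
        app_user = _target(ev, "AppUser")
        app_name = (_target(ev, "AppInstance") or {}).get("displayName")
        app_username = _norm(app_user.get("alternateId")) if app_user else None
        if not app_username:
            continue

        if etype == CHANGE_USERNAME_EVENT:
            # The User target is the Okta account whose app username was changed.
            owner = _norm((_target(ev, "User") or {}).get("alternateId"))
            if app_username != owner and app_username in logins:
                findings.append({
                    "rule": "app_username_set_to_other_user",
                    "app": app_name,
                    "actor": actor,            # admin who made the change
                    "okta_user": owner,        # account that will now sign in as someone else
                    "impersonated": app_username,
                })
        elif etype == SSO_EVENT:
            # The actor is the Okta login; the AppUser target is the identity sent to the app.
            if app_username != actor and app_username in logins:
                findings.append({
                    "rule": "sso_under_other_users_identity",
                    "app": app_name,
                    "actor": actor,
                    "impersonated": app_username,
                })
    return findings


if __name__ == "__main__":
    for finding in detect(parse_events(SAMPLE_LOG), KNOWN_LOGINS):
        print(json.dumps(finding))
```

Run against the constructed log, the first two events (the admin setting John's AWS app username to Sally's login, then John signing in to AWS as Sally) produce findings; the GitHub sign-in and the `jdoe` legacy username do not, because neither collides with another user's Okta login.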
