Description

The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vulnerability was discovered via routine penetration testing. Note: A precondition of this vulnerability is that the user must be using the Okta Device Access passwordless feature. Okta Device Access users not using passwordless are not affected, and customers only using Okta Verify on platforms other than Windows, or only using FastPass are not affected.

INFO

Published Date :

2024-11-01T21:21:11.040Z

Last Modified :

2024-11-05T15:23:21.631Z

Source :

Okta
AFFECTED PRODUCTS

The following products are affected by CVE-2024-9191 vulnerability.

Vendors Products
Okta
  • Verify
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-9191.

URL Resource
https://help.okta.com/oie/en-us/content/topics/releasenotes/oie-ov-release-notes.htm#panel4 cve-icon cve-icon
https://trust.okta.com/security-advisories/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact