漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vulnerability was discovered via routine penetration testing. Note: A precondition of this vulnerability is that the user must be using the Okta Device Access passwordless feature. Okta Device Access users not using passwordless are not affected, and customers only using Okta Verify on platforms other than Windows, or only using FastPass are not affected.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
缺省权限不正确
Vulnerability Title
Okta Verify 安全漏洞
Vulnerability Description
Okta Verify是Okta公司的一款轻量级应用程序,可让您通过两步验证安全地访问您的应用程序,确保您且只有您可以访问您的应用程序帐户。 Okta Verify 5.0.2至5.3.2版本存在安全漏洞,该漏洞源于在Windows版本中,攻击者在设备被攻破的情况下,能够检索与桌面MFA无密码登录相关的密码。
CVSS Information
N/A
Vulnerability Type
N/A