CVE-2024-10327
Okta Verify vulnerability analysis and mitigation

Overview

A vulnerability in Okta Verify for iOS (CVE-2024-10327) was discovered on October 23, 2024, affecting versions 9.25.1 (beta) and 9.27.0 (including beta). The vulnerability allows authentication to proceed regardless of the user's selection when responding to push notifications through the iOS ContextExtension feature. This security issue specifically impacts users who enrolled in Okta Verify while their organization was using Okta Classic, regardless of whether they have since upgraded to Okta Identity Engine (Okta Advisory).

Technical details

The vulnerability lies in the iOS ContextExtension feature, one of several push mechanisms available to Okta Verify Push on iOS devices. When a user responds to a push notification by long-pressing the notification banner and choosing an option, both 'Approve' and 'Deny' result in successful authentication, so the user's choice has no effect on the outcome. The vulnerability has been assigned a CVSS v3.1 score of 8.1 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N, and is classified under CWE-287 (Improper Authentication) (Okta Advisory, NVD).

Impact

The vulnerability compromises the authentication process by allowing successful authentication regardless of the user's intended response. The flaw is reachable in three scenarios: responding from a locked screen without unlocking the device, responding to a notification dragged down from the home screen, and replying directly from an Apple Watch. The impact is significant because it defeats the purpose of the multi-factor step: a user who explicitly denies a push request still completes authentication (Security Online).

Mitigation and workarounds

Okta has released version 9.27.2 of Okta Verify for iOS to address this vulnerability. Organizations are advised to upgrade to this version or later immediately. Additionally, Okta recommends that customers review their System Log for potentially affected users using specific search queries to identify any suspicious authentication attempts. Organizations should cross-reference IP addresses, geolocations, and ASNs against known legitimate user activity to identify potential unauthorized access (Okta Advisory).
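As an added illustration of the log-review step (not code from Okta or from the advisory, whose search queries this page does not reproduce): a Python triage that builds a per-user baseline of IP, country and ASN from earlier push-approved MFA successes and flags in-window approvals from infrastructure never seen for that user. The event type, the debugData "factor" value and the field paths are assumptions modelled on the Okta System Log schema, and the sample events are constructed.

```python
# Assumed event shape: field paths follow the Okta System Log schema; the event type and the
# debugData "factor" value used to single out push-approved MFA successes are assumptions.
def _ev(published, user, ip, country, asn):
    """Build one constructed (not real) System Log event in the shape the triage expects."""
    return {"published": published, "eventType": "user.authentication.auth_via_mfa",
            "outcome": {"result": "SUCCESS"}, "actor": {"alternateId": user},
            "client": {"ipAddress": ip, "geographicalContext": {"country": country}},
            "securityContext": {"asNumber": asn},
            "debugContext": {"debugData": {"factor": "OKTA_VERIFY_PUSH"}}}

# Constructed sample: a pre-window login, an in-window login from the usual network,
# and an in-window login from an IP, country and ASN never seen for that user.
SAMPLE_EVENTS = [
    _ev("2024-09-02T08:00:00Z", "alice@example.com", "203.0.113.10", "US", 64500),
    _ev("2024-10-20T09:15:00Z", "alice@example.com", "203.0.113.10", "US", 64500),
    _ev("2024-10-21T03:40:00Z", "alice@example.com", "198.51.100.77", "RO", 64511),
]

def _is_push_success(e):
    dbg = e.get("debugContext", {}).get("debugData", {})
    return (e.get("eventType") == "user.authentication.auth_via_mfa"
            and e.get("outcome", {}).get("result") == "SUCCESS"
            and dbg.get("factor") == "OKTA_VERIFY_PUSH")

def _context(e):
    # The three attributes the advisory says to cross-reference against known-good activity.
    return {"ip": e["client"]["ipAddress"], "asn": e["securityContext"]["asNumber"],
            "country": e["client"]["geographicalContext"]["country"]}

def build_baseline(events, window_start):
    """Known IP / country / ASN per user, from push successes published before the window."""
    baseline = {}
    for e in events:  # ISO-8601 UTC timestamps compare chronologically as strings
        if _is_push_success(e) and e["published"] < window_start:
            user = baseline.setdefault(e["actor"]["alternateId"], {k: set() for k in _context(e)})
            for k, v in _context(e).items():
                user[k].add(v)
    return baseline

def find_suspicious_push_auths(events, window_start, window_end):
    """Push-approved MFA successes in the window whose IP, country or ASN is new for that user."""
    baseline = build_baseline(events, window_start)
    findings = []
    for e in events:
        if not _is_push_success(e) or not (window_start <= e["published"] <= window_end):
            continue
        ctx = _context(e)
        known = baseline.get(e["actor"]["alternateId"], {k: set() for k in ctx})
        unseen = sorted(k for k, v in ctx.items() if v not in known[k])
        if unseen:  # approval from never-before-seen infrastructure: review by hand
            findings.append({"user": e["actor"]["alternateId"], "published": e["published"], "unseen": unseen, **ctx})
    return findings
```

A user with no pre-window history has every in-window approval flagged, which is the conservative choice for a review of this kind.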


Related Okta Verify vulnerabilities:

CVE ID          Severity  Score  Technologies  Component name                               CISA KEV exploit  Has fix  Published date
CVE-2024-10327  HIGH      8.1    Okta Verify   cpe:2.3:a:okta:verify                        No                No       Oct 24, 2024
CVE-2024-9191   HIGH      7.8    NixOS         cpe:2.3:a:okta:verify:*:*:*:*:*:windows:*:*  No                Yes      Nov 01, 2024
CVE-2024-7061   HIGH      7.8    NixOS         verify                                       No                Yes      Aug 07, 2024
CVE-2024-0980   HIGH      7.1    Okta Verify                                                No                Yes      Mar 28, 2024
