Approved changes feed: RSS · Atom
cpe:2.3:a:okta:verify:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Okta (23e081ab-902b-5fcb-b218-10b72ec8f1f4) |
|---|---|
| Product | Verify (5518764f-e2d1-527d-95f3-f196a65e98ea) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-9191 |
vulnerable | 2026-06-03 14:58:20.702209 |
Details available
HIGH (7.1)
The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vulnerability was discovered via routine penetration testing.
Note: A precondition of this vulnerability is that the user must be using the Okta Device Access passwordless feature. Okta Device Access users not using passwordless are not affected, and customers only using Okta Verify on platforms other than Windows, or only using FastPass are not affected.
Published: 2024-11-01T21:21:11.040Z
Updated: 2024-11-05T15:23:21.631Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10327 |
vulnerable | 2026-06-03 14:54:05.359842 |
Details available
HIGH (8.1)
A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the notification banner and selects an option, both options allow the authentication to succeed.
The ContextExtension feature is one of several push mechanisms available when using Okta Verify Push on iOS devices. The vulnerable flows include:
* When a user is presented with a notification on a locked screen, the user presses on the notification directly and selects their reply without unlocking the device;
* When a user is presented with a notification on the home screen and drags the notification down and selects their reply;
* When an Apple Watch is used to reply directly to a notification.
A pre-condition for this vulnerability is that the user must have enrolled in Okta Verify while the Okta customer was using Okta Classic. This applies irrespective of whether the organization has since upgraded to Okta Identity Engine.
Published: 2024-10-24T20:17:59.360Z
Updated: 2024-10-25T15:22:54.766Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0980 |
vulnerable | 2026-06-03 14:54:04.622342 |
Details available
The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code.
Published: 2024-03-27T23:16:37.513Z
Updated: 2024-08-01T18:26:30.489Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.