The Okta Browser Plugin, available on popular browsers like Edge, Chrome, Safari, and Firefox, has over 5 million users. Recently, a Cross-Site Scripting (XSS) vulnerability was discovered in the plugin, potentially allowing threat actors to execute arbitrary JavaScript code.
Okta responded swiftly to the report, publishing a security advisory to address the issue. The affected versions include 6.5.0 through 6.31.0 for Chrome, Edge, Firefox, and Safari.
According to the Okta advisory, this vulnerability, identified as CVE-2024-0981, has a severity rating of 7.1 (High). The flaw occurs when users input new credentials, and the plugin prompts them to save these credentials with Okta Personal. Notably, this vulnerability does not impact Workforce Identity Cloud users if Okta Personal is not added to the browser plugin.
To mitigate this issue, Okta Admin users can run a specific query to identify users still using outdated versions of the plugin:
debugContext.debugData.oktaUserAgentExtended ne “okta-browser-plugin/6.32.0” and debugContext.debugData.oktaUserAgentExtended co “okta-browser-plugin/”
With over 100 million users relying on Okta for credential storage and application access, the browser plugin offers several features, such as:
- Automatically signing in to business and personal apps with one click
- Adding personal apps into Okta
- Generating strong, random passwords on the fly
- Accessing the Okta dashboard apps and tabs
- Securely switching between multiple Okta accounts
Okta Browser Plugin Vulnerable To Reflected Cross-Site Scripting Attacks @The_Cyber_News
Learn more: https://t.co/yo1aY3wHZj
This flaw occurs when users input the new credentials, and the plugin prompts them to save them with Okta Personal.#cybersecuritynews #viulnerability
— Cyber Security News (@The_Cyber_News) July 23, 2024
Affected Products and Fixed Versions:
- Affected Products: Okta Browser Plugin versions 6.5.0 through 6.31.0 (Chrome/Edge/Firefox/Safari)
- Fixed in Versions: Okta Browser Plugin version 6.32.0 for Chrome/Edge/Safari
Users are strongly advised to upgrade to the latest versions to prevent exploitation of this vulnerability. Keeping software up to date is crucial to maintaining security and protecting against potential threats.
Abdul Rehman
Abdul is a tech-savvy, coffee-fueled, and creatively driven marketer who loves keeping up with the latest software updates and tech gadgets. He's also a skilled technical writer who can explain complex concepts simply for a broad audience. Abdul enjoys sharing his knowledge of the Cloud industry through user manuals, documentation, and blog posts.
