Okta Browser Plugin Vulnerable To Reflected Cross-Site Scripting Attacks

by Esmeralda McKenzie

The Okta Browser Plugin is available on multiple browsers, such as Edge, Chrome, Safari, and Firefox. Across all these browsers, the plugin has over 5 million users.

However, this plugin was found to have a Cross-Site Scripting vulnerability that could allow threat actors to execute arbitrary JavaScript code.

Okta acted swiftly upon the report and published a security advisory to address this vulnerability.

Versions 6.5.0 through 6.31.0 of the Okta Browser Plugin for Chrome, Edge, Firefox, and Safari were identified as affected by the issue.

Okta Browser Plugin Vulnerability

According to the Okta advisory, this vulnerability was assigned CVE-2024-0981, and its severity was rated 7.1 (High).

This flaw arises when users enter new credentials and the plugin prompts them to save the credentials in Okta Personal.

However, this vulnerability does not affect Workforce Identity Cloud users if Okta Personal has not been added to the browser plugin to enable the multi-account view.

Additionally, Okta Admin users can run the following query to search for users who are still using an outdated version of this plugin.

debugContext.debugData.oktaUserAgentExtended ne "okta-browser-plugin/6.32.0" and debugContext.debugData.oktaUserAgentExtended co "okta-browser-plugin/"
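
For offline triage of exported System Log events, the following added example (not code from Okta or from the article) lists users whose plugin version falls in the affected range 6.5.0 through 6.31.0, comparing versions numerically rather than as strings. It assumes each event is a JSON object carrying `actor.alternateId` and the `debugContext.debugData.oktaUserAgentExtended` field named in the query; the sample events, users and version strings are constructed.

```python
import re
from collections import defaultdict

# Affected range and fixed version as stated in the article.
FIRST_AFFECTED = (6, 5, 0)
FIXED = (6, 32, 0)
# Assumption: the plugin token may sit anywhere inside the field value.
PLUGIN_RE = re.compile(r"okta-browser-plugin/(\d+)\.(\d+)\.(\d+)")

def plugin_version(event):
    """Return the plugin version as an int tuple, or None if absent."""
    debug = (event.get("debugContext") or {}).get("debugData") or {}
    match = PLUGIN_RE.search(debug.get("oktaUserAgentExtended") or "")
    return tuple(int(part) for part in match.groups()) if match else None

def affected_users(events):
    """Map each user to the affected plugin versions seen, oldest first."""
    hits = defaultdict(set)
    for event in events:
        version = plugin_version(event)
        # Tuple comparison is numeric, so 6.9.0 sorts before 6.31.0.
        if version is not None and FIRST_AFFECTED <= version < FIXED:
            user = (event.get("actor") or {}).get("alternateId", "<unknown>")
            hits[user].add(version)
    return {user: [".".join(map(str, v)) for v in sorted(versions)]
            for user, versions in hits.items()}

def _event(user, user_agent):
    """Build a constructed sample event with only the fields used here."""
    return {"actor": {"alternateId": user},
            "debugContext": {"debugData": {"oktaUserAgentExtended": user_agent}}}

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    _event("alice@example.com", "okta-browser-plugin/6.31.0"),  # affected
    _event("alice@example.com", "okta-browser-plugin/6.9.0"),   # affected
    _event("bob@example.com", "okta-browser-plugin/6.32.0"),    # fixed
    _event("carol@example.com", "okta-browser-plugin/6.4.1"),   # below range
    _event("dave@example.com", "okta-browser-plugin/6.33.0"),   # constructed later version
    {"actor": {"alternateId": "erin@example.com"}, "debugContext": {"debugData": {}}},
]

if __name__ == "__main__":
    for user, versions in sorted(affected_users(SAMPLE_EVENTS).items()):
        print(user, versions)
```

Unlike the `ne` comparison in the query, the range check does not flag a version newer than 6.32.0.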

More than 100 million users use Okta to save their credentials and connect to applications both inside and outside of their organizations. In addition, the Okta Browser Plugin offers multiple features, such as:

  • Automatically sign in to your business and personal apps with just one click
  • Add your own apps into Okta
  • Quickly generate secure, random passwords on the fly for all your apps
  • Easily access your Okta dashboard apps and tabs
  • Seamlessly and securely switch between multiple Okta accounts

Affected Products And Fixed In Versions

Affected Products: Okta Browser Plugin versions 6.5.0 through 6.31.0 (Chrome/Edge/Firefox/Safari)
Fixed in Versions: Okta Browser Plugin version 6.32.0 for Chrome/Edge/Safari

It is recommended that users of this plugin upgrade to the latest version to prevent threat actors from exploiting this vulnerability.

Source credit : cybersecuritynews.com
