CVE-2024-10327
Vulnerability from cvelistv5
Published
2024-10-24 20:17
Modified
2024-10-25 15:22
Severity ?
EPSS score ?
Summary
A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the notification banner and selects an option, both options allow the authentication to succeed.
The ContextExtension feature is one of several push mechanisms available when using Okta Verify Push on iOS devices. The vulnerable flows include:
* When a user is presented with a notification on a locked screen, the user presses on the notification directly and selects their reply without unlocking the device;
* When a user is presented with a notification on the home screen and drags the notification down and selects their reply;
* When an Apple Watch is used to reply directly to a notification.
A pre-condition for this vulnerability is that the user must have enrolled in Okta Verify while the Okta customer was using Okta Classic. This applies irrespective of whether the organization has since upgraded to Okta Identity Engine.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Okta | Okta Verify for iOS |
Version: 9.25.1 ≤ Version: 9.27.0 ≤ |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:okta:verify:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "verify",
"vendor": "okta",
"versions": [
{
"status": "affected",
"version": "9.25.1"
},
{
"status": "affected",
"version": "9.27.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10327",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T15:21:49.116020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T15:22:54.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Okta Verify for iOS",
"vendor": "Okta",
"versions": [
{
"status": "affected",
"version": "9.25.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "9.27.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2024-10-24T20:15:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user\u2019s selection. When a user long-presses the notification banner and selects an option, both options allow the authentication to succeed. \nThe ContextExtension feature is one of several push mechanisms available when using Okta Verify Push on iOS devices. The vulnerable flows include: \n* When a user is presented with a notification on a locked screen, the user presses on the notification directly and selects their reply without unlocking the device; \n* When a user is presented with a notification on the home screen and drags the notification down and selects their reply; \n* When an Apple Watch is used to reply directly to a notification. \n\n A pre-condition for this vulnerability is that the user must have enrolled in Okta Verify while the Okta customer was using Okta Classic. This applies irrespective of whether the organization has since upgraded to Okta Identity Engine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-24T20:20:37.434Z",
"orgId": "59b22baa-87b2-4371-8e4a-e080df12f74a",
"shortName": "Okta"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://trust.okta.com/security-advisories/okta-verify-for-ios-cve-2024-10327/"
},
{
"url": "https://help.okta.com/en-us/content/topics/releasenotes/okta-verify-release-notes.htm#panel2"
}
],
"solutions": [
{
"lang": "en",
"value": "The vulnerability is resolved in Okta Verify for iOS version 9.27.2. To remediate this vulnerability, upgrade Okta Verify for iOS to version 9.27.2 or greater."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "59b22baa-87b2-4371-8e4a-e080df12f74a",
"assignerShortName": "Okta",
"cveId": "CVE-2024-10327",
"datePublished": "2024-10-24T20:17:59.360Z",
"dateReserved": "2024-10-23T23:57:14.831Z",
"dateUpdated": "2024-10-25T15:22:54.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-10327\",\"sourceIdentifier\":\"psirt@okta.com\",\"published\":\"2024-10-24T21:15:11.730\",\"lastModified\":\"2024-10-25T12:56:07.750\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user\u2019s selection. When a user long-presses the notification banner and selects an option, both options allow the authentication to succeed. \\nThe ContextExtension feature is one of several push mechanisms available when using Okta Verify Push on iOS devices. The vulnerable flows include: \\n* When a user is presented with a notification on a locked screen, the user presses on the notification directly and selects their reply without unlocking the device; \\n* When a user is presented with a notification on the home screen and drags the notification down and selects their reply; \\n* When an Apple Watch is used to reply directly to a notification. \\n\\n A pre-condition for this vulnerability is that the user must have enrolled in Okta Verify while the Okta customer was using Okta Classic. This applies irrespective of whether the organization has since upgraded to Okta Identity Engine.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en Okta Verify para las versiones iOS 9.25.1 (beta) y 9.27.0 (incluida la beta) permite respuestas de notificaciones push a trav\u00e9s de la funci\u00f3n ContextExtension de iOS, lo que permite que la autenticaci\u00f3n contin\u00fae independientemente de la selecci\u00f3n del usuario. Cuando un usuario presiona prolongadamente el banner de notificaci\u00f3n y selecciona una opci\u00f3n, ambas opciones permiten que la autenticaci\u00f3n se realice correctamente. La funci\u00f3n ContextExtension es uno de los varios mecanismos push disponibles al usar Okta Verify Push en dispositivos iOS. Los flujos vulnerables incluyen: * Cuando a un usuario se le presenta una notificaci\u00f3n en una pantalla bloqueada, el usuario presiona la notificaci\u00f3n directamente y selecciona su respuesta sin desbloquear el dispositivo; * Cuando a un usuario se le presenta una notificaci\u00f3n en la pantalla de inicio y arrastra la notificaci\u00f3n hacia abajo y selecciona su respuesta; * Cuando se usa un Apple Watch para responder directamente a una notificaci\u00f3n. Una condici\u00f3n previa para esta vulnerabilidad es que el usuario debe haberse registrado en Okta Verify mientras el cliente de Okta usaba Okta Classic. Esto se aplica independientemente de si la organizaci\u00f3n se ha actualizado desde entonces a Okta Identity Engine.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"psirt@okta.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"psirt@okta.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"references\":[{\"url\":\"https://help.okta.com/en-us/content/topics/releasenotes/okta-verify-release-notes.htm#panel2\",\"source\":\"psirt@okta.com\"},{\"url\":\"https://trust.okta.com/security-advisories/okta-verify-for-ios-cve-2024-10327/\",\"source\":\"psirt@okta.com\"}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.