fkie_cve-2024-10327
Vulnerability from fkie_nvd
Published
2024-10-24 21:15
Modified
2024-10-25 12:56
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the notification banner and selects an option, both options allow the authentication to succeed. The ContextExtension feature is one of several push mechanisms available when using Okta Verify Push on iOS devices. The vulnerable flows include: * When a user is presented with a notification on a locked screen, the user presses on the notification directly and selects their reply without unlocking the device; * When a user is presented with a notification on the home screen and drags the notification down and selects their reply; * When an Apple Watch is used to reply directly to a notification. A pre-condition for this vulnerability is that the user must have enrolled in Okta Verify while the Okta customer was using Okta Classic. This applies irrespective of whether the organization has since upgraded to Okta Identity Engine.
References
psirt@okta.comhttps://help.okta.com/en-us/content/topics/releasenotes/okta-verify-release-notes.htm#panel2
psirt@okta.comhttps://trust.okta.com/security-advisories/okta-verify-for-ios-cve-2024-10327/
Impacted products
Vendor Product Version


To clipboard 

{
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the notification banner and selects an option, both options allow the authentication to succeed. \nThe ContextExtension feature is one of several push mechanisms available when using Okta Verify Push on iOS devices. The vulnerable flows include: \n* When a user is presented with a notification on a locked screen, the user presses on the notification directly and selects their reply without unlocking the device; \n* When a user is presented with a notification on the home screen and drags the notification down and selects their reply; \n* When an Apple Watch is used to reply directly to a notification. \n\n A pre-condition for this vulnerability is that the user must have enrolled in Okta Verify while the Okta customer was using Okta Classic. This applies irrespective of whether the organization has since upgraded to Okta Identity Engine.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad en Okta Verify para las versiones iOS 9.25.1 (beta) y 9.27.0 (incluida la beta) permite respuestas de notificaciones push a través de la función ContextExtension de iOS, lo que permite que la autenticación continúe independientemente de la selección del usuario. Cuando un usuario presiona prolongadamente el banner de notificación y selecciona una opción, ambas opciones permiten que la autenticación se realice correctamente. La función ContextExtension es uno de los varios mecanismos push disponibles al usar Okta Verify Push en dispositivos iOS. Los flujos vulnerables incluyen: * Cuando a un usuario se le presenta una notificación en una pantalla bloqueada, el usuario presiona la notificación directamente y selecciona su respuesta sin desbloquear el dispositivo; * Cuando a un usuario se le presenta una notificación en la pantalla de inicio y arrastra la notificación hacia abajo y selecciona su respuesta; * Cuando se usa un Apple Watch para responder directamente a una notificación. Una condición previa para esta vulnerabilidad es que el usuario debe haberse registrado en Okta Verify mientras el cliente de Okta usaba Okta Classic. Esto se aplica independientemente de si la organización se ha actualizado desde entonces a Okta Identity Engine.",
      },
   ],
   id: "CVE-2024-10327",
   lastModified: "2024-10-25T12:56:07.750",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 8.1,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.2,
            source: "psirt@okta.com",
            type: "Secondary",
         },
      ],
   },
   published: "2024-10-24T21:15:11.730",
   references: [
      {
         source: "psirt@okta.com",
         url: "https://help.okta.com/en-us/content/topics/releasenotes/okta-verify-release-notes.htm#panel2",
      },
      {
         source: "psirt@okta.com",
         url: "https://trust.okta.com/security-advisories/okta-verify-for-ios-cve-2024-10327/",
      },
   ],
   sourceIdentifier: "psirt@okta.com",
   vulnStatus: "Awaiting Analysis",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-287",
            },
         ],
         source: "psirt@okta.com",
         type: "Secondary",
      },
   ],
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.