Overview
- Description
- A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the notification banner and selects an option, both options allow the authentication to succeed. The ContextExtension feature is one of several push mechanisms available when using Okta Verify Push on iOS devices. The vulnerable flows include:
  * When a user is presented with a notification on a locked screen, the user presses on the notification directly and selects their reply without unlocking the device;
  * When a user is presented with a notification on the home screen and drags the notification down and selects their reply;
  * When an Apple Watch is used to reply directly to a notification.

  A pre-condition for this vulnerability is that the user must have enrolled in Okta Verify while the Okta customer was using Okta Classic. This applies irrespective of whether the organization has since upgraded to Okta Identity Engine.
- Source
- psirt@okta.com
- NVD status
- Awaiting Analysis
Risk scores
CVSS 3.1
- Type
- Secondary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
- Severity
- HIGH
Weaknesses
- psirt@okta.com
- CWE-287
Social media
- Hype score
- Not currently trending
Okta Verify for iOS vulnerability CVE-2024-10327 fixed: risk of unauthorized access https://t.co/OFYqGEMpdI #MFA #Okta #Verify
@iototsecnews
5 Nov 2024
132 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Okta Verify for iOS ContextExtension CVE-2024-10327 https://t.co/j1upS91Iw0 #patchmanagement
@eyalestrin
30 Oct 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Threat Alert: CVE-2024-10327: Okta Verify for iOS Vulnerability Could Allow Unauthorized Access CVE-2024-10327 Severity: 🔴 High Maturity: 💢 Emerging Learn more: https://t.co/cJAH1OgccS #CyberSecurity #ThreatIntel #InfoSec
@fletch_ai
29 Oct 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
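[Bug] Okta Verify for iOS has a vulnerability that allows unauthorized access to user accounts even when the authentication request is denied. CVE-2024-10327 has a CVSS score of 8.1; when the user long-presses the notification banner and then selects either allow or deny, authentication succeeds whichever is chosen. https://t.co/eNFoVIZLhg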
@__kokumoto
27 Oct 2024
2988 Impressions
2 Retweets
9 Likes
2 Bookmarks
0 Replies
1 Quote
Top 5 Trending CVEs: 1 - CVE-2024-47575 2 - CVE-2024-9680 3 - CVE-2024-38094 4 - CVE-2024-10327 5 - CVE-2024-20412 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
27 Oct 2024
90 Impressions
2 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
Okta Verify for iOS: ContextExtension improper authentication leads to bypass URL: https://t.co/Or9tpP0YbC Classification: Severe, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 8.1 CVEs: CVE-2024-10327 #ios #apple #icloud #iphone
@CharyyevPerman
26 Oct 2024
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10327: Okta Verify for iOS Vulnerability Could Allow Unauthorized Access Understand the impact of the CVE-2024-10327 vulnerability in #Okta Verify for #iOS and how it can grant attackers access to user accounts. https://t.co/pv4lfwsiGc
@the_yellow_fall
26 Oct 2024
222 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2024-10327: Okta Verify for iOS Vulnerability Could Allow Unauthorized Access https://t.co/eqYoXJoAJi
@Dinosn
26 Oct 2024
2339 Impressions
7 Retweets
14 Likes
4 Bookmarks
0 Replies
0 Quotes
CVE-2024-10327 A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to p... https://t.co/1HKbGTHVRl
@VulmonFeeds
25 Oct 2024
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-10327 A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature … https://t.co/B66oUo89Rj
@CVEnew
24 Oct 2024
378 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes