Okta has resolved a vulnerability that could have allowed attackers to bypass sign-on policies and gain access to applications. The issue, Okta says in a security advisory, was introduced on July 17 and only affects Okta Classic users, under certain conditions. The configured conditions could include device-type restrictions, authentication requirements defined outside the Global Session Policy, and the use of network zones. Okta urges its customers to check logs to identify unauthorized authentication events, failed authentication attempts, and unusual behavior. Last week, Okta patched the vulnerability both in production and preview environments.

Read more: https://www.securityweek.com/okta-tells-users-to-check-for-potential-exploitation-of-newly-patched-vulnerability/