1 results (0.001 seconds)
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-9191
https://notcve.org/view.php?id=CVE-2024-9191
01 Nov 2024 — The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vulnerability was discovered via routine penetration testing. Note: A precondition of this vulnerability is that the user must be using the Okta Device Access passwordless feature. Okta Device Access users not using passwordless are not affected, and customers onl... • https://help.okta.com/oie/en-us/content/topics/releasenotes/oie-ov-release-notes.htm#panel4 • CWE-276: Incorrect Default Permissions •