What's really concerning is if this turns out to be true, Okta has, at a minimum, 26k (yes) customers right now. A simple enumeration of subdomains reveals this. I've put them here in a paste: https://ghostbin.com/K7tIA
Ah yes, perhaps a bit more due diligence was required.
Can someone help me out then here? I checked the domain here: https://phonebook.cz/, but manually inspecting the certificate, I don't see the * in front of okta.com to denote a wildcard domain is in use (*.okta.com). What am I missing?
I was wrong on this. See my comment above. I thought inspecting the certificate would be enough to tell you? I don't see the blob in any cert details. Where did I err?
frays|4 years ago
Any URL *.okta.com resolves and loads an Okta login screen, but that doesn't mean it's an actual customer.
For example, https://fake-ycombinator.okta.com works and shows the same login screen as https://pets.okta.com/. But only the latter is on the list; how do you know it's a legitimate customer?
xeromal|4 years ago
thricegr8|4 years ago
twistedpair|4 years ago
unknown|4 years ago
[deleted]
thricegr8|4 years ago