top | item 37992140


andsens | 2 years ago

> The files the threat actor obtained in the Okta compromise comprised HTTP archive, or HAR, files, which Okta support personnel use to replicate customer browser activity during troubleshooting sessions. Among the sensitive information they store are authentication cookies and session tokens, which malicious actors can use to impersonate valid users.

I know that troubleshooting for pwms is hard, but leaving unencrypted files to access accounts on a server that’s not governed by the same threat-model seems very negligent to me.
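The quoted passage says HAR files captured during support sessions carry authentication cookies and session tokens. The following is an added example (not Okta's tooling, and not code from the commenter) of the defensive step a customer or support team can take before a HAR leaves the browser: redact credential-bearing headers, cookie values and token-like query parameters while keeping the request shape, status codes and timings that troubleshooting actually needs. It follows the HAR 1.2 JSON layout (`log.entries[].request/response.headers` and `.cookies`); the header and query-parameter name lists and the sample HAR are assumptions constructed for the example.

```python
"""Redact credentials from a HAR file before sharing it (added example)."""
import copy
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

REDACTED = "[REDACTED]"

# Header names whose values carry credentials (matched case-insensitively).
# This list is an assumption; extend it for application-specific headers.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie",
                     "set-cookie", "x-api-key"}

# Query-string keys that often carry bearer tokens or OAuth codes (assumption).
SENSITIVE_QUERY_KEYS = {"token", "access_token", "id_token", "code",
                        "session", "sessiontoken"}


def _redact_headers(headers):
    """Blank the value of every sensitive header; return how many were hit."""
    hits = 0
    for header in headers:
        if header.get("name", "").lower() in SENSITIVE_HEADERS:
            header["value"] = REDACTED
            hits += 1
    return hits


def _redact_cookies(cookies):
    """Blank every cookie value: support needs cookie names, never values."""
    hits = 0
    for cookie in cookies:
        if "value" in cookie:
            cookie["value"] = REDACTED
            hits += 1
    return hits


def _redact_url(url):
    """Replace token-like query parameter values, keeping the rest of the URL."""
    parts = urlsplit(url)
    if not parts.query:
        return url, 0
    hits = 0
    cleaned = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_QUERY_KEYS:
            cleaned.append((key, REDACTED))
            hits += 1
        else:
            cleaned.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(cleaned))), hits


def redact_har(har):
    """Return (redacted deep copy of a parsed HAR dict, number of redactions).

    The input is left untouched so the caller can diff before and after.
    Request/response bodies (postData, content) are NOT scrubbed here; a
    complete tool would also inspect those for embedded credentials.
    """
    har = copy.deepcopy(har)
    total = 0
    for entry in har.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            part = entry.get(side, {})
            total += _redact_headers(part.get("headers", []))
            total += _redact_cookies(part.get("cookies", []))
        request = entry.get("request", {})
        if "url" in request:
            request["url"], hits = _redact_url(request["url"])
            total += hits
    return har, total


def redact_har_text(text):
    """Convenience wrapper: HAR JSON text in, redacted JSON text and count out."""
    har, total = redact_har(json.loads(text))
    return json.dumps(har, indent=2), total


# Constructed sample HAR; the host and all secret values are made up.
SAMPLE_HAR = {"log": {"version": "1.2", "creator": {"name": "constructed", "version": "0"},
    "entries": [{
        "startedDateTime": "2023-10-20T12:00:00.000Z",
        "request": {
            "method": "GET",
            "url": "https://example.test/api/me?token=SECRET-TOKEN-123&page=1",
            "headers": [{"name": "Host", "value": "example.test"},
                        {"name": "Cookie", "value": "sid=SECRET-SESSION-456"},
                        {"name": "Authorization", "value": "Bearer SECRET-JWT-789"}],
            "cookies": [{"name": "sid", "value": "SECRET-SESSION-456"}]},
        "response": {
            "status": 200, "statusText": "OK",
            "headers": [{"name": "Content-Type", "value": "application/json"},
                        {"name": "Set-Cookie", "value": "sid=SECRET-SESSION-NEW; HttpOnly; Secure"}],
            "cookies": [{"name": "sid", "value": "SECRET-SESSION-NEW"}]}}]}}


if __name__ == "__main__":
    text, count = redact_har_text(json.dumps(SAMPLE_HAR))
    print(f"{count} values redacted")
    print(text)
```

Run it to see the sample entry with every `Cookie`, `Set-Cookie` and `Authorization` value and the `token` query parameter replaced while `Host`, `Content-Type`, the status and the `page=1` parameter survive. The design choice worth noting is that cookie values are blanked unconditionally rather than by name, because a session identifier can live under any cookie name; the name and the `HttpOnly`/`Secure` attributes are what a support engineer needs to see.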
