2 matches found
CVE-2024-9191
The CVE concerns Okta Verify on Windows where the Device Access feature exposes the OktaDeviceAccessPipe, enabling a compromised device user to retrieve passwords for Desktop MFA passwordless logins. Affected component: Okta Verify agent for Windows with Okta Device Access passwordless feature en...
CVE-2024-7061
CVE-2024-7061 affects Okta Verify for Windows. The issue is a privilege escalation via DLL hijacking in versions prior to 5.0.2. The root cause is improper handling of DLL loading that can be exploited locally with low privileges and no user interaction required, leading to high-impact confidenti...