Okta

  • $100 – $75,000 per vulnerability
  • Safe harbor

Program update [Okta]

Hi all,

Okta recently updated their program brief to include some revised focus areas and improved reference information. Be sure to check out the program brief for more information, and let us know if you have any questions. Good luck and happy hunting!

Focus Areas

Okta Expression Language
LDAP as a Service
Authentication Protocol Vulnerabilities (e.g. SAML, OAuth & OIDC, Social Auth)
XXE within the massive amount of XML data we accept
Okta Browser Plugin (IE / Firefox / Chrome)
Cross-Org Access / Multi-Tenancy Vulnerabilities
Privilege Escalation (Horizontal / Vertical)
All on-premises Agents (e.g. LDAP / AD / OPP / Radius / RSA)
Okta Mobile (iOS / Android)
Okta Verify (iOS / Android)
XSS and other Top 10 issues such as Open Redirection and CSRF on sensitive page actions

Reference Information

Okta Public API References
Okta Configuration & Support Site
AD Agent
Radius Agent
LDAP Agent Installation
LDAP as a Service
Desktop SSO / IWA
Browser Plugin
SAML
OAuth & OIDC
OAuth Overview
Social Auth