Okta
- $100 – $75,000 per vulnerability
Program update [Okta]
Hi all,
Okta recently updated their program brief to include some revised focus areas and improved reference information. Be sure to check out the program brief for more information, and let us know if you have any questions. Good luck and happy hunting!
Focus Areas
Okta Expression Language
LDAP as a Service
Authentication Protocol Vulnerabilities (e.g. SAML, OAuth & OIDC, Social Auth)
XXE within the massive amount of XML data we accept
Okta Browser Plugin (IE / Firefox / Chrome)
Cross-Org Access / Multi-Tenancy Vulnerabilities
Privilege (Horizontal / Vertical) Escalation
All on-premise Agents (e.g. LDAP / AD / OPP / Radius / RSA)
Okta Mobile (iOS / Android)
Okta Verify (iOS / Android)
XSS and other Top 10 issues such as Open Redirection and CSRF on sensitive page actions
Reference Information
Okta Public API References
Okta Configuration & Support Site
AD Agent
Radius Agent
LDAP Agent Installation
LDAP as a Service
Desktop SSO / IWA
Browser Plugin
SAML
OAuth & OIDC
OAuth Overview
Social Auth