PT-2025-30435 · Okta · Okta On-Premises Provisioning Agent
Published: 2025-07-22 · Updated: 2025-07-22 · CVE-2025-7371
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Okta On-Premises Provisioning (OPP) agent versions 2.2.1 through 2.3.0
Description
Okta On-Premises Provisioning (OPP) agents log specific user data during administrator-initiated password resets. An attacker who gains access to the local servers running these agents can retrieve users' personal information and the temporary passwords generated during password reset operations.
Recommendations
For versions 2.2.1 through 2.3.0, ensure that local servers running OPP agents are adequately secured to prevent unauthorized access.
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Okta On-Premises Provisioning Agent