#Backdoor compromised #Okta accounts via #Windows Okta Verify using attacker-controlled passwordless keys
Okta Terrify is a tool to demonstrate how passwordless solutions such as Okta Verify’s FastPass or other FIDO2/WebAuthn-type solutions can be abused once an authenticator endpoint has been compromised. Whilst Okta Terrify demonstrates Okta-specific attacks, the same methodology would typically apply to other passwordless solutions, as generally they all leverage asymmetric cryptography.
https://github.com/CCob/okta-terrify
