/engagements/okta

BugcrowdView on Bugcrowd
RawAI Enhanced
22
In Scope
17
Out of Scope

In-Scope Assets (22)

AssetCategoryBountyQuick Links
Desktop MFA for WindowsOTHERYes-
Desktop MFA for macOSOTHERYes-
Okta On-Prem Agents ( AD, LDAP, RDP, IWA )OTHERYes-
Okta Verify (Windows)OTHERYes-
Password Sync for macOSOTHERYes-
bugcrowd-pam-###.oktapreview.comURLYes
bugcrowd-pam-###.pam.oktapreview.comURLYes
http://app.scaleft.com/URLYes
https://apps.apple.com/us/app/okta-verify/id490179405IOSYes-
https://apps.apple.com/us/app/okta-verify/id490179405OTHERYes-
https://bugcrowd-pam-###-admin.oktapreview.comURLYes
https://bugcrowd-pam-###.at.oktapreview.comURLYes
https://bugcrowd-pam-###.oktapreview.comURLYes
https://bugcrowd-pam-###.workflows.oktapreview.comURLYes
https://help.okta.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/client.htmOTHERYes-
https://help.okta.com/en/prod/Content/Topics/Adv_Server_Access/docs/sftd-windows.htmOTHERYes-
https://help.okta.com/en/prod/Content/Topics/Settings/download-browser-plugin.htmOTHERYes-
https://play.google.com/store/apps/details?id=com.okta.android.auth&hl=en_US&gl=USANDROIDYes
https://support.okta.comURLYes
https://www.okta.com/fastpass/OTHERYes-
https://www.okta.com/products/advanced-server-access/URLYes
personal.trexcloud.comURLYes
Out-of-Scope Assets (17)
AssetCategoryBounty
*.okta.comURLYes
*.trexcloud.comURLYes
Anything not explicitly called out above as in-scopeOTHERYes
AtSpoke - Entitlement bundles as a resource in access requestsURLYes
AtSpoke - Okta Workflows actions in access requestsURLYes
Backend Okta non-app infrastructureOTHERYes
Network layer issuesOTHERYes
bugcrowd-%username%-1.oktapreview.comURLYes
bugcrowd-%username%-2.oktapreview.comURLYes
developer.okta.comURLYes
https://app.scaleft.com/p/signupURLYes
https://github.com/oktadevURLYes
https://scaleft.comURLYes
login.okta.comURLYes
pages.okta.comURLYes
trust.okta.comURLYes
www.okta.com (static site)URLYes