Identity and access management platform Okta could be compromised through four new attack paths that could result in the exposure of personally identifiable information, theft of authentication data, and disruption of IT environments managed by the platform, reports Threatpost. Threat actors could exploit Okta to facilitate exposure of cleartext passwords through the System for Cross-domain Identity Management, password and other data sharing over unencrypted HTTP, default configurations, and impersonation of mutable identity logs, a report from Authomize revealed. "A small company was acquired by a large Fortune 500. The corporation connected the small companys Okta as a spoke to their main Okta which acts as their hub with the default configuration. A compromised admin from the acquired company's spoke gains super admin privileges throughout their Okta hub by impersonating a super admin, and therefore achieves full, unlimited access to the corporates entire collection of apps and services," said researchers. Such risks have prompted researchers to recommend the adoption of independent security solutions for IAM tools.