Okta Session Fixation Advisory — OKTA-SA-2026-001

Okta

High

Publicly Published

2026-03-01 10:14

Summary

Okta disclosed a session fixation vulnerability in their Classic Engine authentication flow. Organizations using Classic Engine should migrate to Identity Engine.

Impacted Systems

Patient Portal SSO, Telehealth Platform SSO, Staff Scheduling SSO

Mitigation

1. Migrate from Classic Engine to Identity Engine.
2. Enable session binding to IP address.
3. Reduce session timeout to 4 hours.
