An Okta login bug bypassed checking passwords on some lengthy usernames

0
9


Illustration by Cath Virginia / The Verge | Picture from Getty Photos

On Friday night, Okta posted an odd replace to its record of safety advisories. The newest entry reveals that beneath particular circumstances, somebody may’ve logged in by getting into something for a password, however provided that the account’s username had over 52 characters.
In line with the notice folks reported receiving, different necessities to take advantage of the vulnerability included Okta checking the cache from a earlier profitable login, and that a corporation’s authentication coverage didn’t add further situations like requiring multi-factor authentication (MFA).
Listed below are the main points which might be presently obtainable:

On October 30, 2024, a vulnerability was internally recognized in producing the cache key for AD/LDAP DelAuth. The Bcrypt algorithm was…

Proceed studying…