By using this site, you agree to the Privacy Policy and Terms of Use.

Stay Tuned!

Subscribe to our newsletter to get our newest articles instantly!

[mc4wp_form id="448"]
ads
  1. Home
  2. Business
  3. An Okta login bug bypassed checking passwords on some long usernames
Business

An Okta login bug bypassed checking passwords on some long usernames

  • BY scoopstrike
  • November 2, 2024
  • 0 Comments
Illustration of a password above an open combination lock, implying a data breach.
Illustration by Cath Virginia / The Verge | Photo from Getty Images

On Friday evening, Okta posted an odd update to its list of security advisories. The latest entry reveals that under specific circumstances, someone could’ve logged in by entering anything for a password, but only if the account’s username had over 52 characters.

According to the note people reported receiving, other requirements to exploit the vulnerability included Okta checking the cache from a previous successful login, and that an organization’s authentication policy didn’t add extra conditions like requiring multi-factor authentication (MFA).

Here are the details that are currently available:

On October 30, 2024, a vulnerability was internally identified in generating the cache key for AD/LDAP DelAuth. The Bcrypt algorithm was…

Continue reading…

source

Leave a comment

Your email address will not be published. Required fields are marked *

You may also like

Business Entertainment Tech

TikTok to begin appeal against being sold or banned in US

TikTok will start making its case on Monday against a law that will see it banned in the US unless
Business

How to understand your employees and keep them happy

Quis autem vel eum iure reprehenderit qui in ea voluptate velit esse quam nihil molestiae consequatur, vel illum qui dolorem