Okta: Critical Security Vulnerability “52+ Character Usernames Can Bypass Login Authentication” Fixed
On November 2, Okta, a provider of identity and access management software, disclosed in a post on its website that on October 30, 2024 it had discovered an internal vulnerability in the way AD/LDAP Delegated Authentication (DelAuth) generates cache keys. The cache key is produced with the Bcrypt algorithm, which hashes the combined string of userId + username + password. Under certain conditions, this could allow a user to authenticate by providing only the username, provided a cache key from an earlier successful authentication was still stored.
Okta says the vulnerability is predicated on the username being 52 characters or longer each time a cache key is generated for that user. The affected product is Okta AD/LDAP DelAuth from July 23, 2024 onward; the vulnerability was resolved in Okta's production environment on October 30, 2024.
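The mechanism behind the 52-character threshold is a documented property of Bcrypt: it only consumes the first 72 bytes of its input. When userId + username already fills those 72 bytes, the password contributes nothing to the hash, so any password (or none) yields the same cache key. The following added example is not Okta's code and does not call a Bcrypt library; it models the 72-byte input window over the concatenated string, shows why the page's threshold lands at 52 characters when the user ID is 20 characters long (the user ID length and the separator-free concatenation are assumptions), and contrasts it with a common hardened design that pre-hashes length-prefixed fields so every input byte affects the key. The sample user ID, usernames and passwords are constructed.

```python
import hashlib

# Bcrypt hashes at most the first 72 bytes of its input; anything beyond is silently ignored.
BCRYPT_MAX_INPUT = 72


def vulnerable_key_material(user_id: str, username: str, password: str) -> bytes:
    """Bytes Bcrypt would actually hash for the flawed scheme (userId + username + password,
    no separator, assumed). With a long prefix the password falls outside the 72-byte window."""
    combined = (user_id + username + password).encode("utf-8")
    return combined[:BCRYPT_MAX_INPUT]


def password_bytes_hashed(user_id: str, username: str, password: str) -> int:
    """How many bytes of the password survive truncation; 0 means the key ignores the password."""
    prefix_len = len((user_id + username).encode("utf-8"))
    remaining = BCRYPT_MAX_INPUT - prefix_len
    return max(0, min(len(password.encode("utf-8")), remaining))


def prefix_fills_window(user_id: str, username: str) -> bool:
    """Audit check: True when userId + username alone already fills Bcrypt's input window."""
    return len((user_id + username).encode("utf-8")) >= BCRYPT_MAX_INPUT


def hardened_key_material(user_id: str, username: str, password: str) -> bytes:
    """One common mitigation (not the fix Okta describes): pre-hash length-prefixed fields with
    SHA-256 and feed the hex digest (64 bytes, no NUL bytes) to Bcrypt. Every input byte now
    influences the result, and field boundaries are unambiguous."""
    h = hashlib.sha256()
    for field in (user_id, username, password):
        raw = field.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big"))  # length prefix keeps fields from running together
        h.update(raw)
    return h.hexdigest().encode("ascii")


def same_key(derive, user_id: str, username: str, pw_a: str, pw_b: str) -> bool:
    """Would two different passwords produce identical Bcrypt input under the given scheme?"""
    return derive(user_id, username, pw_a) == derive(user_id, username, pw_b)


if __name__ == "__main__":
    # Constructed sample values: a 20-character user ID and a 52-character username.
    uid = "00u" + "a" * 17
    long_user = "b" * 52
    short_user = "c" * 10

    print("prefix length:", len(uid + long_user))                      # 72
    print("password bytes hashed:", password_bytes_hashed(uid, long_user, "correct-horse"))  # 0
    print("vulnerable scheme ignores password:",
          same_key(vulnerable_key_material, uid, long_user, "correct-horse", "anything"))  # True
    print("hardened scheme ignores password:",
          same_key(hardened_key_material, uid, long_user, "correct-horse", "anything"))    # False
    print("short username at risk:", prefix_fills_window(uid, short_user))                 # False
```

The `prefix_fills_window` check is the defender-side takeaway: an authentication cache keyed on a truncating hash should be audited for any principal whose fixed prefix reaches the hash's input limit, and the key derivation should be one where the limit cannot be reached at all.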