On Friday night, Okta posted an odd update to its list of security advisories. The newest entry reveals that under particular circumstances, someone could have logged in by entering anything for a password, but only if the account's username had over 52 characters.
According to the note people reported receiving, other requirements to exploit the vulnerability included Okta checking the cache from a previous successful login, and that an organization's authentication policy didn't add extra conditions like requiring multi-factor authentication (MFA).
Here are the details that are currently available:
On October 30, 2024, a vulnerability was internally recognized in producing the cache key for AD/LDAP DelAuth. The Bcrypt algorithm was…

