Okta: Critical Security Vulnerability “52+ Character Usernames Can Bypass Login Authentication” Fixed
On November 2, Okta, a provider of identity and access management software, disclosed in a post on its website that on October 30, 2024, it had discovered an internal vulnerability in the generation of cache keys for AD/LDAP Delegated Authentication (DelAuth). The cache key was produced with the Bcrypt algorithm over the combined string userId + username + password. Under certain conditions, this could allow a user to authenticate by providing only the username, as long as a cache key from a previous successful authentication was still stored.
Okta says the vulnerability is predicated on the username being 52 characters or longer each time a cache key is generated for the user. The affected product is Okta AD/LDAP DelAuth as of July 23, 2024; the vulnerability was resolved in Okta's production environment on October 30, 2024.
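The root cause follows from a property of bcrypt that the advisory does not spell out: bcrypt only consumes the first 72 bytes of its input, so once userId + username fills that window the password contributes nothing to the cache key. The script below is an added example, not Okta's code; it assumes a constructed 20-character user ID (so that a 52-character username reaches the 72-byte boundary exactly) and shows the truncated input beside a pre-hashed derivation that keeps every byte of the password in play. The optional real-bcrypt check needs the `bcrypt` package.

```python
import hashlib
import hmac

# bcrypt's key schedule consumes at most 72 bytes of input; anything beyond is ignored.
BCRYPT_INPUT_LIMIT = 72

def cache_key_input(user_id: str, username: str, password: str) -> bytes:
    """The concatenation Okta described: userId + username + password."""
    return (user_id + username + password).encode("utf-8")

def password_bytes_used(user_id: str, username: str, password: str) -> int:
    """How many bytes of the password survive the 72-byte limit."""
    prefix_len = len((user_id + username).encode("utf-8"))
    room = BCRYPT_INPUT_LIMIT - prefix_len
    return max(0, min(len(password.encode("utf-8")), room))

def vulnerable_material(user_id: str, username: str, password: str) -> bytes:
    """What bcrypt effectively hashes when fed the raw concatenation."""
    return cache_key_input(user_id, username, password)[:BCRYPT_INPUT_LIMIT]

def hardened_material(user_id: str, username: str, password: str) -> bytes:
    """Pre-hash so every byte of every field counts and the bcrypt input is a
    fixed 32 bytes, well under the limit. A NUL separates the identity fields
    so 'ab'+'c' and 'a'+'bc' cannot collide."""
    identity = (user_id + "\x00" + username).encode("utf-8")
    return hmac.new(identity, password.encode("utf-8"), hashlib.sha256).digest()

def confirm_with_bcrypt(user_id: str, username: str, correct: str, wrong: str):
    """Real bcrypt check when the 'bcrypt' package is installed. Returns True if
    a hash of the correct password also verifies the wrong one (the flaw),
    False if not, and None if bcrypt is missing or, as recent releases do,
    refuses inputs longer than 72 bytes (itself the right fix)."""
    try:
        import bcrypt
        h = bcrypt.hashpw(cache_key_input(user_id, username, correct), bcrypt.gensalt(4))
        return bcrypt.checkpw(cache_key_input(user_id, username, wrong), h)
    except (ImportError, ValueError):
        return None

# Constructed sample values (not from the advisory): a 20-character user ID and a
# username at the 52-character threshold, so userId + username is exactly 72 bytes.
USER_ID = "00u" + "a" * 17
LONG_USERNAME = "x" * 52
SHORT_USERNAME = "alice"

if __name__ == "__main__":
    for name in (SHORT_USERNAME, LONG_USERNAME):
        print(f"{len(name):2d}-char username: {password_bytes_used(USER_ID, name, 'hunter2')} password bytes hashed")
    print("raw concat collides:", vulnerable_material(USER_ID, LONG_USERNAME, "hunter2") == vulnerable_material(USER_ID, LONG_USERNAME, "wrong"))
    print("prehashed collides:", hardened_material(USER_ID, LONG_USERNAME, "hunter2") == hardened_material(USER_ID, LONG_USERNAME, "wrong"))
    print("real bcrypt accepts wrong password:", confirm_with_bcrypt(USER_ID, LONG_USERNAME, "hunter2", "wrong"))
```

With the short username all 7 password bytes are hashed; with the 52-character username none are, which is why any password then verifies against the cached key.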