Okta: Critical Security Vulnerability “52+ Character Usernames Can Bypass Login Authentication” Fixed
On November 2, Okta, a provider of identity and access management software, disclosed in a post on its website that on October 30, 2024, an internal vulnerability was discovered in the AD/LDAP DelAuth generation of cache keys, which the Bcrypt algorithm is used to generate, in which we hash the combined string of userId + username + password. Under certain conditions, this could allow a user to authenticate only by providing the username with a stored cache key that was previously successfully authenticated.
Okta says that this vulnerability is predicated on the username being equal to or greater than 52 characters each time a cache key is generated for the user. Affected products and versions are Okta AD/LDAP DelAuth as of July 23, 2024, and the vulnerability was resolved on October 30, 2024 in Okta's production environment.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
BlackRock IBIT Becomes Third-Highest Inflowing U.S. ETF So Far In 2024
Sky Forum has released a new SPK token economics proposal
BlackRock's IBIT reached a pre-market trading volume of 102 million US dollars today.
Trending news
MoreCrypto prices
More
