Okta: Critical Security Vulnerability “52+ Character Usernames Can Bypass Login Authentication” Fixed
On November 2, Okta, a provider of identity and access management software, disclosed in a post on its website that on October 30, 2024, an internal vulnerability was discovered in the AD/LDAP DelAuth generation of cache keys, which the Bcrypt algorithm is used to generate, in which we hash the combined string of userId + username + password. Under certain conditions, this could allow a user to authenticate only by providing the username with a stored cache key that was previously successfully authenticated.
Okta says that this vulnerability is predicated on the username being equal to or greater than 52 characters each time a cache key is generated for the user. Affected products and versions are Okta AD/LDAP DelAuth as of July 23, 2024, and the vulnerability was resolved on October 30, 2024 in Okta's production environment.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
JPMorgan: U.S. Treasury bonds may have bottomed out
Tether CEO: The number of USDT users increased by 13% quarter-on-quarter in Q1 2025
Citi downgraded the U.S. stock market rating to neutral
Trending news
MoreCrypto prices
More
