Okta recently fixed a weird security bug for accounts with long usernames
Okta recently hit a rare bug in its software.
The digital security firm has posted a bug fix report on its website (as seen by The Verge) to inform users that a bug in the system that allowed bad actors to gain access to accounts has been removed. Sounds familiar enough, right? Well, here’s the kicker: The bug would have allowed someone to log into the account without entering a password as long as the username was 52 characters or longer.
“Under certain circumstances, this can allow users to authenticate by providing only a username with a cached key from a previous successful authentication,” Okta wrote.
It should be emphasized again that this is no longer a concern for Okta users. The bug has been fixed. Unfortunately, it was in the system for about three months, as Okta’s report said that the software was affected from July until someone noticed it on October 30. This is a long time for such a vulnerability, but it is not yet clear whether anyone was badly affected by it.