
Okta’s login bug bypassed checking passwords for some long usernames

Image by Cath Virginia / The Verge | Image from Getty Images

On Friday evening, Okta posted a strange update to its security advisory list. The latest entry reveals that under certain circumstances, someone could log in by entering anything for a password, but only if the account’s username is longer than 52 characters.

According to the note people reported receiving, two further conditions must hold for the vulnerability to be exploitable: Okta must serve the login from its cache of previous successful logins, and the organization’s authentication policy must not add further conditions such as requiring multi-factor authentication (MFA).

Here is the information currently available:

On October 30, 2024, a vulnerability was identified in AD/LDAP DelAuth cache key generation. The Bcrypt algorithm was…
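The cut-off note above points at the mechanism: a cache key derived with bcrypt. Bcrypt uses only the first 72 bytes of its input and silently ignores the rest, so if the key is built from a concatenated string in which the username comes before the password, a long enough username pushes the password past the limit and any password yields the cached key. The model below is an added example, not Okta’s code, and rests on assumptions the page does not state: that the key was the bcrypt hash of userId + username + password, and that Okta user ids are 20 characters long (which is what would make 52 the threshold). PBKDF2 from the standard library stands in for bcrypt so the file runs offline; only its 72-byte truncation is reproduced. It also goes beyond the page’s “longer than 52” case to show the partial case, where a slightly shorter username leaves only the first few password bytes checked.

```python
"""Model of a bcrypt-truncated cache key (added example, not Okta's code).

Assumptions: key = bcrypt(userId + username + password); user ids are 20 chars;
bcrypt's documented 72-byte input limit. PBKDF2 stands in for bcrypt.
"""
import hashlib

BCRYPT_MAX_INPUT = 72            # bcrypt hashes only the first 72 input bytes
DEMO_SALT = b"constructed-salt"  # fixed salt so keys are comparable (constructed)

# Constructed sample identities.
DEMO_USER_ID = "00u" + "a" * 17  # 20 characters, assumed Okta id length
SHORT_USERNAME = "jane@example.com"                                   # 16 chars
LONG_USERNAME = "alexander.montgomery@engineering.long-company-name.example.com"  # 62 chars
BORDERLINE_USERNAME = "y" * 50   # 20 + 50 = 70: only 2 password bytes survive


def bcrypt_like(data: bytes) -> bytes:
    """Stand-in for bcrypt (assumption: not the real algorithm) reproducing the
    one property that matters here: bytes after the 72nd never affect output."""
    return hashlib.pbkdf2_hmac("sha256", data[:BCRYPT_MAX_INPUT], DEMO_SALT, 1000)


def vulnerable_cache_key(user_id: str, username: str, password: str) -> bytes:
    """Assumed buggy derivation: one concatenated string straight into bcrypt."""
    return bcrypt_like((user_id + username + password).encode("utf-8"))


def hardened_cache_key(user_id: str, username: str, password: str) -> bytes:
    """Length-prefix each field and collapse the whole record to a 32-byte
    SHA-256 digest before the bcrypt step. Every byte of every field now
    influences the key, and no field can push another past the 72-byte limit."""
    fields = [f.encode("utf-8") for f in (user_id, username, password)]
    framed = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return bcrypt_like(hashlib.sha256(framed).digest())


def password_bytes_checked(user_id: str, username: str) -> int:
    """Number of password bytes that still influence the vulnerable key.
    Zero means any password at all reproduces the cached key."""
    prefix = len((user_id + username).encode("utf-8"))
    return max(0, BCRYPT_MAX_INPUT - prefix)


def password_ignored(user_id: str, username: str, right: str, wrong: str) -> bool:
    """True if the vulnerable key no longer distinguishes the two passwords."""
    return (vulnerable_cache_key(user_id, username, right)
            == vulnerable_cache_key(user_id, username, wrong))


if __name__ == "__main__":
    for name in (SHORT_USERNAME, BORDERLINE_USERNAME, LONG_USERNAME):
        print(f"{len(name):3d}-char username: {password_bytes_checked(DEMO_USER_ID, name):2d} "
              f"password bytes checked; wrong password accepted: "
              f"{password_ignored(DEMO_USER_ID, name, 'hunter2', 'anything')}")
    print("hardened key still distinguishes passwords:",
          hardened_cache_key(DEMO_USER_ID, LONG_USERNAME, "hunter2")
          != hardened_cache_key(DEMO_USER_ID, LONG_USERNAME, "anything"))
```

The borderline case is the one worth remembering when reviewing similar code: truncation is not all-or-nothing. With a 50-character username only the first two bytes of the password reach bcrypt, so a password that merely shares its first two characters with the real one is accepted. The usual fix is the one shown in `hardened_cache_key`: pre-hash the input to a fixed length (or use a construction without an input limit) and frame fields by length so that concatenation is unambiguous.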


