Anasayfa » News » An Okta login bug bypassed checking passwords on some long usernames

An Okta login bug bypassed checking passwords on some long usernames

Illustration of a password above an open combination lock, implying a data breach.
You May Be Interested In:‘We got stuck in puddles’: skiers upset by lack of snow on Swedish slopes


Illustration by Cath Virginia / The Verge | Photo from Getty Images

On Friday evening, Okta posted an odd update to its list of security advisories. The latest entry reveals that under specific circumstances, someone could’ve logged in by entering anything for a password, but only if the account’s username had over 52 characters.

According to the note people reported receiving, other requirements to exploit the vulnerability included Okta checking the cache from a previous successful login, and that an organization’s authentication policy didn’t add extra conditions like requiring multi-factor authentication (MFA).

Here are the details that are currently available:

On October 30, 2024, a vulnerability was internally identified in generating the cache key for AD/LDAP DelAuth. The Bcrypt algorithm was…

Continue reading…

share Paylaş facebook pinterest whatsapp x print

Similar Content

Why the US is freezing as the planet reaches record warmth
Why the US is freezing as the planet reaches record warmth February 14, 2025
Starship on the launch pad.
Starship’s fifth test flight is approved: where to watch the launch October 12, 2024
Meta's job cuts surprised some employees who said they weren't low-performers
Meta’s job cuts surprised some employees who said they weren’t low-performers February 11, 2025
The best October Prime Day deals you can still get for under $100
The best October Prime Day deals you can still get for under $100 October 9, 2024
What in the world is pink cocaine?
What in the world is pink cocaine? December 4, 2024
Jess Weatherbed
Adobe Max 2024: All the major announcements around design and AI October 14, 2024
The Bulletin Beat | © 2024 | News