An Okta login bug bypassed checking passwords on some long usernames

You May Be Interested In:We left corporate jobs and a 6-figure salary to travel full-time. It took years of saving.


Illustration by Cath Virginia / The Verge | Photo from Getty Images

On Friday evening, Okta posted an odd update to its list of security advisories. The latest entry reveals that under specific circumstances, someone could’ve logged in by entering anything for a password, but only if the account’s username had over 52 characters.

According to the note people reported receiving, other requirements to exploit the vulnerability included Okta checking the cache from a previous successful login, and that an organization’s authentication policy didn’t add extra conditions like requiring multi-factor authentication (MFA).

Here are the details that are currently available:

On October 30, 2024, a vulnerability was internally identified in generating the cache key for AD/LDAP DelAuth. The Bcrypt algorithm was…

Continue reading…

share Paylaş facebook pinterest whatsapp x print

Similar Content

That old Photobucket account you haven't touched in years could soon be licensed to train AI
That old Photobucket account you haven’t touched in years could soon be licensed to train AI
Donald Trump ran a campaign for men — it worked
Donald Trump ran a campaign for men — it worked
A screenshot from the mobile game Monster Hunter Outlanders.
Monster Hunter is getting an open-world RPG spinoff for mobile
Former CEOs of American Airlines, LinkedIn, Amex, Xerox, and 13 other companies make the pitch for Kamala Harris
Former CEOs of American Airlines, LinkedIn, Amex, Xerox, and 13 other companies make the pitch for Kamala Harris
Android logo on a green and blue background
Android 15’s first major update has arrived
Americans are eating less meat. And more meat. How?
Americans are eating less meat. And more meat. How?
The Bulletin Beat | © 2024 | News