Okta: Critical Security Vulnerability “52+ Character Usernames Can Bypass Login Authentication” Fixed

Bitget2024/11/02 15:08

On November 2, Okta, a provider of identity and access management software, disclosed in a post on its website that on October 30, 2024, an internal vulnerability was discovered in the AD/LDAP DelAuth generation of cache keys, which the Bcrypt algorithm is used to generate, in which we hash the combined string of userId + username + password. Under certain conditions, this could allow a user to authenticate only by providing the username with a stored cache key that was previously successfully authenticated.

Okta says that this vulnerability is predicated on the username being equal to or greater than 52 characters each time a cache key is generated for the user. Affected products and versions are Okta AD/LDAP DelAuth as of July 23, 2024, and the vulnerability was resolved on October 30, 2024 in Okta's production environment.

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Earn new token airdrops

Lock your assets and earn 10%+ APR

Lock now!

Okta: Critical Security Vulnerability “52+ Character Usernames Can Bypass Login Authentication” Fixed

You may also like

Trending news

Crypto prices