Okta: Critical Security Vulnerability “52+ Character Usernames Can Bypass Login Authentication” Fixed
On November 2, Okta, a provider of identity and access management software, disclosed in a post on its website that on October 30, 2024 it had internally identified a vulnerability in how its AD/LDAP Delegated Authentication (DelAuth) feature generated cache keys. The cache key was produced by running the Bcrypt algorithm over the concatenated string userId + username + password. Under a specific set of conditions, this allowed a user to authenticate by supplying only the username, because the stored cache key from an earlier successful authentication still matched. The behaviour is consistent with a well-known limitation of Bcrypt: it hashes at most the first 72 bytes of its input and silently ignores the rest. Okta user IDs are 20 characters long, so once the username reaches 52 characters the password begins at byte 72 and never enters the hash; any password, including an empty one, then yields the same cache key.
Okta says that the vulnerability is predicated on the username being 52 characters or longer each time a cache key was generated for the user. The cached key only comes into play when the cached result is used instead of a live check against the directory, for example when the AD/LDAP agent is down or unreachable under high load, and the advisory notes that the issue could not be exploited for users protected by MFA. The affected product is Okta AD/LDAP DelAuth from July 23, 2024 onward; the vulnerability was resolved in Okta's production environment on October 30, 2024 by replacing Bcrypt with PBKDF2 for cache-key generation. Okta advised customers who meet the preconditions to review their System Log for unexpected authentications by usernames of 52 or more characters between July 23 and October 30, 2024, and to enforce MFA.
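The following model is an added example written for this article, not Okta's code, and illustrates both paragraphs above: the cache-key derivation whose 72-byte truncation drops the password once the user ID and username fill the input, an illustrative PBKDF2-based replacement, and a scan over System-Log-style records for the population Okta asked customers to review. Bcrypt is not in the Python standard library, so bcrypt_like_digest is a stand-in that reproduces only the 72-byte truncation; the 20-character user ID, the usernames, passwords and log records are all constructed for the demonstration, and the fixed_cache_key design is illustrative rather than a reproduction of Okta's production change.

```python
"""Model of the DelAuth cache-key flaw (added example, not Okta's code).

bcrypt_like_digest stands in for bcrypt and reproduces only the property
that matters here: bcrypt hashes at most the first 72 bytes of its input.
All identifiers, credentials and log records below are constructed.
"""
import hashlib
import hmac
import os
from datetime import datetime, timezone

BCRYPT_MAX_INPUT = 72  # bytes of input bcrypt actually hashes


def bcrypt_like_digest(data: bytes, salt: bytes) -> bytes:
    """Stand-in for bcrypt: salted digest of the input truncated to 72 bytes."""
    return hashlib.sha256(salt + data[:BCRYPT_MAX_INPUT]).digest()


def vulnerable_cache_key(user_id: str, username: str, password: str, salt: bytes) -> bytes:
    """Pre-fix scheme: hash of the plain concatenation userId + username + password.
    With a 20-byte user ID and a 52-byte username the password starts at byte 72
    and is discarded, so every password produces the same key."""
    return bcrypt_like_digest((user_id + username + password).encode(), salt)


def fixed_cache_key(user_id: str, username: str, password: str, salt: bytes) -> bytes:
    """Illustrative replacement: PBKDF2-HMAC-SHA256 has no input length limit, and
    length-prefixing each field stops user ID, username and password from
    running into one another."""
    def field(s: str) -> bytes:
        b = s.encode()
        return len(b).to_bytes(4, "big") + b
    material = field(user_id) + field(username) + field(password)
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)


class DelAuthCache:
    """Minimal model of a delegated-auth credential cache keyed by user ID."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.entries = {}  # user_id -> (salt, cache_key)

    def record_success(self, user_id, username, password):
        """Called after the directory accepted the credentials."""
        salt = os.urandom(16)
        self.entries[user_id] = (salt, self.key_fn(user_id, username, password, salt))

    def check(self, user_id, username, password) -> bool:
        """Offline check against the cached key (agent unreachable)."""
        if user_id not in self.entries:
            return False
        salt, expected = self.entries[user_id]
        return hmac.compare_digest(expected, self.key_fn(user_id, username, password, salt))


USER_ID = "00u" + "a" * 17                   # 20 chars, Okta-style (constructed)
LONG_USER = "j" * 35 + "@corp.example.com"   # exactly 52 chars
SHORT_USER = "j" * 34 + "@corp.example.com"  # 51 chars: one password byte survives


def bypass_succeeds(key_fn, username: str) -> bool:
    """True if a wrong password is accepted after one genuine login."""
    cache = DelAuthCache(key_fn)
    cache.record_success(USER_ID, username, "Correct-Horse-Battery-1")
    return cache.check(USER_ID, username, "wrong")


def genuine_login_accepted(key_fn, username: str) -> bool:
    """Sanity check: the real password must still work under key_fn."""
    cache = DelAuthCache(key_fn)
    cache.record_success(USER_ID, username, "Correct-Horse-Battery-1")
    return cache.check(USER_ID, username, "Correct-Horse-Battery-1")


AFFECTED_START = datetime(2024, 7, 23, tzinfo=timezone.utc)
AFFECTED_END = datetime(2024, 10, 31, tzinfo=timezone.utc)  # fix shipped Oct 30

# Constructed records, loosely shaped like Okta System Log entries.
SAMPLE_EVENTS = [
    {"published": "2024-08-14T09:12:03Z", "actor": {"alternateId": LONG_USER}, "outcome": {"result": "SUCCESS"}},
    {"published": "2024-08-14T09:15:41Z", "actor": {"alternateId": "bob@corp.example.com"}, "outcome": {"result": "SUCCESS"}},
    {"published": "2024-11-02T08:00:00Z", "actor": {"alternateId": LONG_USER}, "outcome": {"result": "SUCCESS"}},
    {"published": "2024-09-01T12:00:00Z", "actor": {"alternateId": LONG_USER}, "outcome": {"result": "FAILURE"}},
]


def suspect_logins(events, start=AFFECTED_START, end=AFFECTED_END):
    """Successful logins by 52+ character usernames inside the affected window."""
    hits = []
    for ev in events:
        when = datetime.fromisoformat(ev["published"].replace("Z", "+00:00"))
        name = ev["actor"]["alternateId"]
        if start <= when < end and len(name) >= 52 and ev["outcome"]["result"] == "SUCCESS":
            hits.append((ev["published"], name))
    return hits


if __name__ == "__main__":
    print("vulnerable, 52-char username, wrong password accepted:", bypass_succeeds(vulnerable_cache_key, LONG_USER))
    print("vulnerable, 51-char username, wrong password accepted:", bypass_succeeds(vulnerable_cache_key, SHORT_USER))
    print("fixed, 52-char username, wrong password accepted:", bypass_succeeds(fixed_cache_key, LONG_USER))
    print("events to review:", suspect_logins(SAMPLE_EVENTS))
```

Running the script shows the wrong password accepted only for the 52-character username under the truncating scheme, rejected once one password byte survives, and rejected for any length under the PBKDF2 derivation; the log scan returns just the in-window successful login by the long username. Against a real Okta System Log export the same filter would be applied to actor.alternateId and published, but any hit is only a candidate for review, since a long username alone is not evidence of abuse.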