Friday , 22 November 2024
Home Tech An Okta login bug bypassed checking passwords on some long usernames
Tech

An Okta login bug bypassed checking passwords on some long usernames

An Okta login bug bypassed checking passwords on some long usernames
Illustration of a password above an open combination lock, implying a data breach.
Illustration by Cath Virginia / The Verge | Photo from Getty Images

On Friday evening, Okta posted an odd update to its list of security advisories. The latest entry reveals that under specific circumstances, someone could’ve logged in by entering anything for a password, but only if the account’s username had over 52 characters.

According to the note people reported receiving, other requirements to exploit the vulnerability included Okta checking the cache from a previous successful login, and that an organization’s authentication policy didn’t add extra conditions like requiring multi-factor authentication (MFA).

Here are the details that are currently available:

On October 30, 2024, a vulnerability was internally identified in generating the cache key for AD/LDAP DelAuth. The Bcrypt algorithm was…

Continue reading…

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Articles

The new Ariana Grande-Cynthia Erivo musical is just the latest project to...

Some smartphones (looking at you, iPhone) are often excluded from the Black...

Star Wars Outlaws’ first expansion brings Lando into the game

Image: Ubisoft A few months after it first launched, Star Wars Outlaws...

SpaceX signs second commercial deal for Starship lunar lander with Lunar Outpost

As SpaceX’s Starship test program continues to gain momentum, the company signed...