Okta: "Usernames with more than 52 characters can bypass login verification" serious security vulnerability has been fixed

PANews reported on November 2 that Okta, an identity and access management software provider, disclosed on its website that on October 30, 2024, it had internally discovered a vulnerability in how AD/LDAP Delegated Authentication (DelAuth) generates cache keys. The cache key is produced with the Bcrypt algorithm by hashing the concatenated string userId + username + password. Under certain conditions, this allowed a user to authenticate by supplying only the stored cache key of a username that had previously authenticated successfully.

Okta said the vulnerability requires that the username be 52 characters or longer on each occasion a cache key is generated for that user. The affected product is Okta AD/LDAP DelAuth from July 23, 2024 onward; the vulnerability was resolved in Okta's production environment on October 30, 2024.
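The condition described above follows from a documented property of Bcrypt: it only uses the first 72 bytes of its input, so once userId + username fills those bytes the password no longer influences the key. The following Python is an added illustration, not Okta's code; it models Bcrypt's truncation with a keyed SHA-256 over the first 72 bytes (so it runs without a bcrypt dependency), uses a constructed 20-character user ID (an assumption about ID length), and contrasts the naive concatenation with a hardened builder that length-prefixes each field and pre-hashes the whole record so every byte of every field counts.

```python
import hashlib
import hmac

# Bcrypt ignores everything past this many bytes of input (documented behaviour).
BCRYPT_INPUT_LIMIT = 72

# Constructed sample values, not real identifiers or secrets.
SAMPLE_USER_ID = "00uCONSTRUCTEDID0001"  # 20 characters (assumed ID length)
SAMPLE_SALT = b"constructed-server-side-secret"


def cache_key_truncating(user_id: str, username: str, password: str, salt: bytes) -> str:
    """Model of the weak scheme: naive concatenation fed to a 72-byte-limited hash."""
    material = (user_id + username + password).encode("utf-8")
    # Only the first 72 bytes reach the hash, exactly as with Bcrypt.
    return hmac.new(salt, material[:BCRYPT_INPUT_LIMIT], hashlib.sha256).hexdigest()


def _length_prefixed(value: str) -> bytes:
    """Encode a field as 4-byte big-endian length + bytes, so fields cannot run together."""
    raw = value.encode("utf-8")
    return len(raw).to_bytes(4, "big") + raw


def cache_key_hardened(user_id: str, username: str, password: str, salt: bytes) -> str:
    """Hardened scheme: pre-hash the length-prefixed record to a fixed 32 bytes first.

    The 32-byte digest is always within the 72-byte limit, so every byte of the
    user ID, username and password contributes to the final key.
    """
    record = _length_prefixed(user_id) + _length_prefixed(username) + _length_prefixed(password)
    prehash = hashlib.sha256(record).digest()
    return hmac.new(salt, prehash, hashlib.sha256).hexdigest()


def password_affects_key(builder, user_id: str, username: str, salt: bytes) -> bool:
    """Check that two different passwords yield two different cache keys.

    Returning False means a stored key would match regardless of the password
    presented, which is the failure mode described in the advisory.
    """
    key_a = builder(user_id, username, "correct-horse-battery", salt)
    key_b = builder(user_id, username, "wrong-password", salt)
    return key_a != key_b


def audit(user_id: str, username: str, salt: bytes) -> dict:
    """Report, for one user ID / username pair, whether each scheme binds the password."""
    return {
        "username_length": len(username),
        "prefix_bytes": len((user_id + username).encode("utf-8")),
        "truncating_binds_password": password_affects_key(cache_key_truncating, user_id, username, salt),
        "hardened_binds_password": password_affects_key(cache_key_hardened, user_id, username, salt),
    }


if __name__ == "__main__":
    for name_len in (51, 52, 80):
        print(audit(SAMPLE_USER_ID, "a" * name_len, SAMPLE_SALT))
```

With the 20-character ID, a 52-character username fills the 72-byte window, so the truncating builder produces the same key for any password, while the hardened builder still distinguishes them; at 51 characters the first password byte still reaches the hash and the weak scheme happens to pass this particular check, which is why a length-based audit alone is not a sufficient test of such a design.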

Author: PA一线