An Okta login bug bypassed checking passwords on some long usernames


Illustration by Cath Virginia / The Verge | Photo from Getty Images

On Friday night, Okta posted an odd update to its list of security advisories. The latest entry reveals that under specific circumstances, someone could have logged in by entering anything for a password, but only if the account's username had over 52 characters.

According to the note people reported receiving, other requirements to exploit the vulnerability included Okta checking the cache from a previous successful login, and that an organization's authentication policy didn't add extra conditions like requiring multi-factor authentication (MFA).

Here are the details that are currently available:

On October 30, 2024, a vulnerability was internally identified in generating the cache key for AD/LDAP DelAuth. The Bcrypt algorithm was…
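As an added example (not from the article or from Okta), here is a Python model of the failure mode the advisory describes: bcrypt only consumes the first 72 bytes of its input, so if a cache key is built by concatenating identifier fields ahead of the password, a long enough prefix pushes every password byte outside the hashed window. The field layout, the constructed user id and the SHA-256 pre-hash mitigation shown here are assumptions for illustration, not details from the page.

```python
import hashlib

# bcrypt hashes only the first 72 bytes of its input and silently ignores
# the rest. This is documented bcrypt behaviour; the exact key layout Okta
# used is not stated on the page and is assumed below.
BCRYPT_INPUT_LIMIT = 72

# Constructed 20-character user id placeholder (not a real Okta id).
USER_ID = "00uEXAMPLEXXXXXXXXXX"


def naive_cache_key(user_id: str, username: str, password: str) -> bytes:
    """Assumed layout: fields concatenated with the password last."""
    return f"{user_id}{username}{password}".encode("utf-8")


def bcrypt_effective_input(material: bytes) -> bytes:
    """Models the bytes bcrypt actually consumes from its input."""
    return material[:BCRYPT_INPUT_LIMIT]


def password_bytes_hashed(user_id: str, username: str, password: str) -> int:
    """How many password bytes fall inside the 72-byte window.

    Zero means any password produces the same effective input, which is
    the condition the advisory describes. A review check should require
    this to equal len(password.encode()) for every allowed username length.
    """
    prefix_len = len(f"{user_id}{username}".encode("utf-8"))
    room = max(0, BCRYPT_INPUT_LIMIT - prefix_len)
    return min(room, len(password.encode("utf-8")))


def prehashed_cache_key(user_id: str, username: str, password: str) -> bytes:
    """Hardened variant (a generic pattern, not Okta's fix): digest the whole
    tuple first so bcrypt sees a fixed 64-byte hex string that every input
    byte influences. Fields are length-prefixed so boundaries cannot shift."""
    h = hashlib.sha256()
    for field in (user_id, username, password):
        raw = field.encode("utf-8")
        h.update(len(raw).to_bytes(4, "big"))
        h.update(raw)
    return h.hexdigest().encode("ascii")
```

With the 20-character id above, a 53-character username fills the window by itself, so `password_bytes_hashed` returns 0 and two different passwords yield identical bcrypt input; the pre-hashed key still differs.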
