Jump to content
  • Sign Up
×
×
  • Create New...

Okta vulnerability allowed accounts with long usernames to log in without a password

Pelican Press

By Pelican Press,
in World News

 Share

Recommended Posts

  • Diamond Member
Pelican Press Warlord

Pelican Press 0

Posted
  • Diamond Member
Posted

This is the hidden content, please

Okta vulnerability allowed accounts with long usernames to log in without a password

In a new security advisory, Okta has

This is the hidden content, please
that its system had a
This is the hidden content, please
that allowed people to log into an account without having to provide the correct password. Okta bypassed password authentication if the account had a username that had 52 or more characters. Further, its system had to detect a “stored cache key” of a previous successful authentication, which means the account’s owner had to have previous history of logging in using that browser. It also didn’t affect organizations that require multi-factor authentication, according to the
This is the hidden content, please
.

Still, a 52-character username is easier to guess than a random password — it could be as simple as a person’s email address that has their full name along with their organization’s website domain. The company has admitted that the vulnerability was introduced as part of a standard update that went out on July 23, 2024 and that it only discovered (and fixed) the issue on October 30. It’s now advising customers who meet all of the vulnerability’s conditions to check their access log over the past few months.

Okta provides software that makes it easy for companies to add authentication services to their application. For organizations with multiple apps, it gives users access to a single, unified log-in so they don’t have to verify their identities for each application. The company didn’t say whether it’s aware of anybody who’s been affected by this specific issue, but it promised to “communicate more rapidly with customers” in the past after the threat group Lapsus$ accessed a couple of users’ accounts.



This is the hidden content, please

#Okta #vulnerability #allowed #accounts #long #usernames #log #password

This is the hidden content, please

This is the hidden content, please

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Vote for the server

    To vote for this server you must login.

    Jim Carrey Flirting GIF

  • Recently Browsing   0 members

    • No registered users viewing this page.

Important Information

Privacy Notice: We utilize cookies to optimize your browsing experience and analyze website traffic. By consenting, you acknowledge and agree to our Cookie Policy, ensuring your privacy preferences are respected.

  I accept