On Friday night, Okta posted an odd replace to its listing of safety advisories. The most recent entry reveals that beneath particular circumstances, somebody may’ve logged in by getting into something for a password, however provided that the account’s username had over 52 characters.
Based on the observe individuals reported receiving, different necessities to take advantage of the vulnerability included Okta checking the cache from a earlier profitable login, and that a corporation’s authentication coverage didn’t add additional circumstances like requiring multi-factor authentication (MFA).
Listed here are the small print which can be at the moment accessible:
On October 30, 2024, a vulnerability was internally recognized in producing the cache key for AD/LDAP DelAuth. The Bcrypt algorithm was…
