Navigation
Search
|
Okta Fixes Login Bypass Flaw Tied To Lengthy Usernames
Saturday November 2, 2024. 02:31 AM , from Slashdot
The flaw, introduced on July 23 and fixed October 30, allowed attackers to authenticate using only a username if they had access to a previously cached key. The bug stemmed from Okta's use of the Bcrypt algorithm to generate cache keys from combined user credentials. The company switched to PBKDF2 to resolve the issue and urged affected customers to audit system logs. Read more of this story at Slashdot.
https://it.slashdot.org/story/24/11/02/0113243/okta-fixes-login-bypass-flaw-tied-to-lengthy-username...
Related News |
25 sources
Current Date
Nov, Thu 21 - 14:40 CET
|