MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
flaw
Search

Okta Fixes Login Bypass Flaw Tied To Lengthy Usernames

Saturday November 2, 2024. 02:31 AM , from Slashdot
Okta Fixes Login Bypass Flaw Tied To Lengthy Usernames
Identity management firm Okta said Friday it has patched a critical authentication bypass vulnerability that affected customers using usernames longer than 52 characters in its AD/LDAP delegated authentication service.

The flaw, introduced on July 23 and fixed October 30, allowed attackers to authenticate using only a username if they had access to a previously cached key. The bug stemmed from Okta's use of the Bcrypt algorithm to generate cache keys from combined user credentials. The company switched to PBKDF2 to resolve the issue and urged affected customers to audit system logs.

Read more of this story at Slashdot.
Read more at Slashdot
https://it.slashdot.org/story/24/11/02/0113243/okta-fixes-login-bypass-flaw-tied-to-lengthy-username...

Related News

flaw Microsoft slips Task Manager and processor count fixes into Patch Tuesday TheRegisterNov 13
usernames Microsoft fixes dozens of security flaws in Windows and Office PC WorldNov 13
bypass Acer Swift 14 AI review: A humble laptop with lengthy battery life PC WorldNov 12
okta D-Link Won't Fix Critical Flaw Affecting 60,000 Older NAS Devices SlashdotNov 12
authentication Debian Linux 12 bookworm receives eighth update with crucial security fixes BetaNewsNov 9
affected Hacker Says They Banned 'Thousands' of Call of Duty Gamers By Abusing Anti-Cheat Flaw SlashdotNov 7
using Cisco scores a perfect CVSS 10 with critical flaw in its wireless system TheRegisterNov 7
customers Flaw in Right-Wing ‘Election Integrity’ App Exposes Voter-Suppression Plan and User Data Wired: Tech.Nov 5
tied Redox runs on RISC-V, boots to GUI login on Raspberry Pi 4 OS NewsNov 5
login Why the long name? Okta discloses auth bypass bug affecting 52-character usernames TheRegisterNov 4
fixes Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack Wired: Tech.Nov 1
lengthy AWS Cloud Development Kit flaw exposed accounts to full takeover TheRegisterOct 25
flaw Emergency patch: Cisco fixes bug under exploit in brute-force attacks TheRegisterOct 24
usernames Microsoft releases Windows 11 update with revamped Start menu, printer fixes, and new Copilot button remapping BetaNewsOct 24
bypass Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch TheRegisterOct 23
okta Chrome 130’s first patch fixes three high-risk security flaws PC WorldOct 23
authentication Optional Windows 10 update fixes printer, scanner, and crash bugs PC WorldOct 23
affected VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time TheRegisterOct 22
using Jetpack fixes 8-year-old flaw affecting millions of WordPress sites TheRegisterOct 19
customers Thousands of Fortinet instances vulnerable to actively exploited flaw TheRegisterOct 14
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Nov, Thu 21 - 14:40 CET