MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
flaw
Search

Okta Fixes Login Bypass Flaw Tied To Lengthy Usernames

Saturday November 2, 2024. 02:31 AM , from Slashdot
Okta Fixes Login Bypass Flaw Tied To Lengthy Usernames
Identity management firm Okta said Friday it has patched a critical authentication bypass vulnerability that affected customers using usernames longer than 52 characters in its AD/LDAP delegated authentication service.

The flaw, introduced on July 23 and fixed October 30, allowed attackers to authenticate using only a username if they had access to a previously cached key. The bug stemmed from Okta's use of the Bcrypt algorithm to generate cache keys from combined user credentials. The company switched to PBKDF2 to resolve the issue and urged affected customers to audit system logs.

Read more of this story at Slashdot.
Read more at Slashdot
https://it.slashdot.org/story/24/11/02/0113243/okta-fixes-login-bypass-flaw-tied-to-lengthy-username...

Related News

flaw Flaw in Right-Wing ‘Election Integrity’ App Exposes Voter-Suppression Plan and User Data Wired: Tech.Nov 5
usernames Redox runs on RISC-V, boots to GUI login on Raspberry Pi 4 OS NewsNov 5
bypass Why the long name? Okta discloses auth bypass bug affecting 52-character usernames TheRegisterNov 4
okta Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack Wired: Tech.Nov 1
authentication AWS Cloud Development Kit flaw exposed accounts to full takeover TheRegisterOct 25
affected Emergency patch: Cisco fixes bug under exploit in brute-force attacks TheRegisterOct 24
using Microsoft releases Windows 11 update with revamped Start menu, printer fixes, and new Copilot button remapping BetaNewsOct 24
customers Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch TheRegisterOct 23
tied Chrome 130’s first patch fixes three high-risk security flaws PC WorldOct 23
login Optional Windows 10 update fixes printer, scanner, and crash bugs PC WorldOct 23
fixes VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time TheRegisterOct 22
lengthy Jetpack fixes 8-year-old flaw affecting millions of WordPress sites TheRegisterOct 19
flaw Thousands of Fortinet instances vulnerable to actively exploited flaw TheRegisterOct 14
usernames Update Firefox 131 now to patch a critical zero-day security flaw PC WorldOct 10
bypass Still running Windows 11 22H2? No more security fixes from Microsoft for you! BetaNewsOct 9
okta How to bypass Microsoft’s TPM 2.0 requirements when upgrading to Windows 11 24H2 BetaNewsOct 8
authentication The best new features and fixes in Python 3.13 InfoWorldOct 7
affected Apple Fixes Bugs in macOS Sequoia That Broke Some Cybersecurity Tools SlashdotOct 7
using Apple Fixes Bug That Let VoiceOver Shout Your Passwords SlashdotOct 4
customers Apple fixes bug that let VoiceOver shout your passwords TheRegisterOct 4
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Current Date
Nov, Thu 7 - 10:58 CET