Okta: Fixed a critical security vulnerability that allowed usernames of 52 or more characters to bypass login verification

2024-11-02 21:19:18

ChainCatcher news: identity and access management provider Okta has officially stated that on October 30, 2024 it internally identified a vulnerability in how the cache key is generated for AD/LDAP DelAuth (delegated authentication). The Bcrypt algorithm was used to generate the cache key by hashing the combined string userId + username + password. Under a specific set of conditions, this could allow a user to authenticate by supplying the username and matching the cache key stored from a previous successful authentication, regardless of the password entered.

The precondition is that the username must be 52 characters or longer each time a cache key is generated for that user. The affected product is Okta AD/LDAP DelAuth from July 23, 2024 onward; the vulnerability was resolved in Okta's production environment on October 30, 2024.
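Why 52 characters matters: bcrypt hashes at most the first 72 bytes of its input and silently discards the rest, so once userId and username together fill those 72 bytes, the password never reaches the hash and any password reproduces the stored cache key. The following is an added example, not Okta's code; it models that truncation with a standard-library KDF (PBKDF2 over the first 72 bytes stands in for bcrypt, so it runs offline), assumes Okta user IDs are 20 characters (the "00u..." format), and uses constructed identifiers and credentials. It puts the vulnerable derivation beside a hardened one that hashes the full, length-prefixed input.

```python
"""Model of the DelAuth cache-key weakness: bcrypt's 72-byte input limit.

bcrypt consumes at most the first 72 bytes of its input. If the cache key is
bcrypt(userId + username + password) and userId + username already fill those
72 bytes, the password contributes nothing. The truncation is modelled here
with PBKDF2 over the first 72 bytes; this is a model, not bcrypt itself.
"""
import hashlib
import hmac

BCRYPT_INPUT_LIMIT = 72   # bytes bcrypt actually hashes
OKTA_USER_ID_LEN = 20     # assumption: Okta user IDs such as "00u..." are 20 chars
KDF_ITERATIONS = 10_000   # stand-in work factor for the model


def _kdf(data: bytes, salt: bytes) -> bytes:
    """Stand-in for the cache-key hash; PBKDF2 itself has no input-length cap."""
    return hashlib.pbkdf2_hmac("sha256", data, salt, KDF_ITERATIONS)


def vulnerable_cache_key(user_id: str, username: str, password: str, salt: bytes) -> bytes:
    """Key derived as the advisory describes, hash(userId + username + password),
    with the input cut down to the bytes bcrypt would actually see."""
    combined = (user_id + username + password).encode("utf-8")
    return _kdf(combined[:BCRYPT_INPUT_LIMIT], salt)


def fixed_cache_key(user_id: str, username: str, password: str, salt: bytes) -> bytes:
    """Hardened variant: each field is length-prefixed and the whole input is
    hashed, so neither truncation nor field-boundary ambiguity is possible."""
    parts = b""
    for field in (user_id, username, password):
        raw = field.encode("utf-8")
        parts += len(raw).to_bytes(4, "big") + raw
    return _kdf(parts, salt)


def password_bytes_hashed(user_id: str, username: str) -> int:
    """How many password bytes survive bcrypt's limit for this user.
    0 means userId + username alone already reach 72 bytes."""
    used = len(user_id.encode("utf-8")) + len(username.encode("utf-8"))
    return max(0, BCRYPT_INPUT_LIMIT - used)


def cache_hit(stored_key: bytes, user_id: str, username: str,
              candidate_password: str, salt: bytes, key_fn) -> bool:
    """Simulate the cached-credential path: does the candidate password
    reproduce the stored key? Compared in constant time."""
    return hmac.compare_digest(stored_key, key_fn(user_id, username, candidate_password, salt))


# Constructed sample data (not real Okta identifiers or credentials).
SALT = b"\x00" * 16                          # fixed salt so results are reproducible
USER_ID = "00u" + "x" * 17                   # 20-character Okta-style user ID
LONG_USERNAME = "u" * 39 + "@corp.example"   # exactly 52 characters
SHORT_USERNAME = "u" * 20 + "@corp.example"  # 33 characters
PASSWORD = "correct horse battery staple"


def demonstrate() -> dict:
    """For each username length and scheme, report whether a wrong password is
    accepted against the cache key stored after one genuine login."""
    results = {}
    for label, username in (("long", LONG_USERNAME), ("short", SHORT_USERNAME)):
        for scheme, key_fn in (("vulnerable", vulnerable_cache_key), ("fixed", fixed_cache_key)):
            stored = key_fn(USER_ID, username, PASSWORD, SALT)   # first, genuine login
            accepted = cache_hit(stored, USER_ID, username, "wrong-password", SALT, key_fn)
            results[(label, scheme)] = accepted
    return results


if __name__ == "__main__":
    print("password bytes hashed for 52-char username:",
          password_bytes_hashed(USER_ID, LONG_USERNAME))
    for (label, scheme), accepted in demonstrate().items():
        print(f"{label:5} username / {scheme:10} scheme: wrong password accepted = {accepted}")
```

With the 20-byte user ID, a 52-byte username leaves zero password bytes for the hash, which is the full bypass; a 51-byte username still leaves only one byte, so any password sharing its first byte would also hit the cache. That partial case is why the check should be "how many password bytes reach the hash", not only "is the username at least 52 characters".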
