ChainCatcher news, identity and access management software provider Okta officially stated that on October 30, 2024, an internal vulnerability was discovered in the AD/LDAP DelAuth when generating cached keys. The Bcrypt algorithm is used to generate cached keys, where we hash the combination string of userId + username + password. Under specific conditions, this can allow users to authenticate simply by providing a previously successfully authenticated stored cached key to the username.The prerequisite for this vulnerability is that the username must be equal to or exceed 52 characters each time a cached key is generated for the user. The affected products and versions are Okta AD/LDAP DelAuth as of July 23, 2024, and this vulnerability has been resolved in Okta's production environment on October 30, 2024.