On Friday night, Okta posted an odd update to its list of security advisories. The latest entry reveals that under certain circumstances, someone could have logged in by entering anything for a password, but only if the account's username had over 52 characters.
According to the note people reported receiving, other requirements to exploit the vulnerability included Okta checking the cache from a previous successful login, and that an organization's authentication policy didn't add extra conditions like requiring multi-factor authentication (MFA).
Here are the details that are currently available:
On October 30, 2024, a vulnerability was internally identified in generating the cache key for AD/LDAP DelAuth. The Bcrypt algorithm was…