An Okta login bug bypassed checking passwords on some long usernames


That’s just the first requirement.

The latest entry reveals that under specific circumstances, someone could've logged in by entering anything for a password, but only if the account's username had over 52 characters. (Bcrypt hashes at most the first 72 bytes of whatever it is given, so a username that long, sitting ahead of the password in the hashed input, can leave bcrypt nothing of the password to read.) According to the note, the flaw had been present from an update on July 23rd until it was resolved by switching the hashing algorithm from Bcrypt to PBKDF2 after the vulnerability was identified internally. Okta didn't immediately respond to a request for additional details, but it says customers whose setups meet the necessary conditions should check their system logs for the roughly three months between that update and the fix.
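The following is an added example, not Okta's code or anything from its advisory, showing how a credential-cache key derived with bcrypt can stop depending on the password once the material ahead of the password reaches bcrypt's 72-byte input limit, and why PBKDF2 over the same material does not behave that way. The key layout (a fixed 20-character user id, then the username, then the password) is a constructed assumption chosen so that the threshold lands at 52 characters; the functions, names and sample id are mine. It uses the PyPI `bcrypt` package when it is installed (newer releases of that package refuse input over 72 bytes, so the truncation that older versions performed silently is made explicit); without the package it falls back to a stand-in that reproduces only the 72-byte limit and is clearly not a password hash.

```python
"""Why a bcrypt-derived credential cache key can stop depending on the password.

Added example, not Okta's code. It assumes a cache key derived from the string
user_id + username + password (a constructed layout) with a fixed 20-character
user id, so that the password falls entirely past bcrypt's 72-byte input limit
once the username reaches 52 characters. The same material run through PBKDF2
keeps its dependence on the password.
"""
import hashlib
import hmac
import os

try:
    import bcrypt  # PyPI package "bcrypt"; optional, see bcrypt_key()
except ImportError:
    bcrypt = None

BCRYPT_INPUT_LIMIT = 72  # bcrypt never looks past the first 72 bytes of its input
USER_ID_LEN = 20         # constructed: width of the id placed ahead of the username
PBKDF2_ITERATIONS = 100_000


def key_material(user_id: str, username: str, password: str) -> bytes:
    """Constructed layout: fixed-width id, then username, then password."""
    if len(user_id) != USER_ID_LEN:
        raise ValueError(f"user_id must be {USER_ID_LEN} characters")
    return (user_id + username + password).encode("utf-8")


def bcrypt_salt() -> bytes:
    """A salt usable with bcrypt_key(); random bytes for the stand-in path."""
    if bcrypt is not None:
        return bcrypt.gensalt(rounds=4)  # lowest cost factor: keeps the demo fast
    return os.urandom(16)


def bcrypt_key(material: bytes, salt: bytes) -> bytes:
    """The vulnerable derivation.

    Older bcrypt libraries silently hash only material[:72]; newer releases of
    the PyPI package refuse longer input, so the truncation is made explicit
    here to reproduce the silent behaviour the bug depended on. Without the
    package, a stand-in that keeps only the 72-byte limit is used (it is not
    bcrypt and not a password hash; it exists solely to show the truncation).
    """
    truncated = material[:BCRYPT_INPUT_LIMIT]
    if bcrypt is not None:
        return bcrypt.hashpw(truncated, salt)
    return hashlib.sha256(salt + truncated).digest()


def pbkdf2_key(material: bytes, salt: bytes) -> bytes:
    """The fixed derivation: PBKDF2 consumes every byte of the material."""
    return hashlib.pbkdf2_hmac("sha256", material, salt, PBKDF2_ITERATIONS)


def password_bytes_hashed(user_id: str, username: str, password: str) -> int:
    """How many bytes of the password bcrypt actually sees under this layout."""
    prefix_len = len(key_material(user_id, username, ""))
    room = BCRYPT_INPUT_LIMIT - prefix_len
    return max(0, min(len(password.encode("utf-8")), room))


def min_bypass_username_length() -> int:
    """Smallest username length at which bcrypt sees zero password bytes."""
    return BCRYPT_INPUT_LIMIT - USER_ID_LEN


def cache_hit(kdf, salt: bytes, stored_key: bytes,
              user_id: str, username: str, attempt: str) -> bool:
    """Simulate a cache lookup: does the attempted password reproduce the key?"""
    candidate = kdf(key_material(user_id, username, attempt), salt)
    return hmac.compare_digest(candidate, stored_key)


if __name__ == "__main__":
    salt = bcrypt_salt()
    uid = "00u" + "0" * 16 + "a"  # constructed 20-character id
    real_pw = "correct horse battery staple"
    for username in ("alice", "a" * 51, "a" * 52):
        stored = bcrypt_key(key_material(uid, username, real_pw), salt)
        seen = password_bytes_hashed(uid, username, real_pw)
        accepted = cache_hit(bcrypt_key, salt, stored, uid, username, "wrong")
        print(f"bcrypt, username length {len(username):2d}: "
              f"password bytes hashed={seen}, wrong password accepted={accepted}")
    stored = pbkdf2_key(key_material(uid, "a" * 52, real_pw), salt)
    print("PBKDF2, username length 52: wrong password accepted =",
          cache_hit(pbkdf2_key, salt, stored, uid, "a" * 52, "wrong"))
```

With a 51-character username only the first byte of the password is hashed, so a wrong password is rejected only when its first byte differs; at 52 characters no password byte is hashed at all and any password reproduces the cached key. The PBKDF2 path rejects the wrong password regardless of username length, which is the property the switch in the advisory restores.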

Or read this on The Verge
