
Okta – Username Above 52 Characters Security Advisory


AD/LDAP Delegated Authentication - Username Above 52 Characters Security Advisory

Description: On October 30, 2024, a vulnerability was internally identified in generating the cache key for AD/LDAP DelAuth. The Bcrypt algorithm was used to generate the cache key where we hash a combined string of userId + username + password.

Note: A precondition for this vulnerability is that the username must be 52 characters or longer any time a cache key is generated for the user. Customers meeting the preconditions should investigate their org system log for this issue for the period from July 23rd, 2024 to October 30th, 2024.
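Why the 52-character precondition matters, as an added example that is not code from Okta or the advisory: bcrypt reads only the first 72 bytes of its input, so with a 20-character user ID (an assumption, as are all sample values and function names here) a 52-character username leaves no room for the password in the cache key. The last function shows one common mitigation, an HMAC-SHA256 pre-hash over length-prefixed fields, which is an illustration and not Okta's remediation.

```python
import hashlib
import hmac

BCRYPT_MAX_INPUT = 72  # bcrypt ignores input bytes past the 72nd


def naive_material(user_id: str, username: str, password: str) -> bytes:
    """The combined string from the advisory: userId + username + password."""
    return (user_id + username + password).encode("utf-8")


def seen_by_bcrypt(material: bytes) -> bytes:
    """Model of bcrypt's input limit (no bcrypt call, so this runs on stdlib)."""
    return material[:BCRYPT_MAX_INPUT]


def password_bytes_covered(user_id: str, username: str, password: str) -> int:
    """How many password bytes land inside the 72-byte window."""
    prefix = len((user_id + username).encode("utf-8"))
    pw_len = len(password.encode("utf-8"))
    return max(0, min(pw_len, BCRYPT_MAX_INPUT - prefix))


def prehashed_material(user_id: str, username: str, password: str, key: bytes) -> bytes:
    """One mitigation: HMAC-SHA256 over length-prefixed fields.

    Returns 64 hex characters, which fit in 72 bytes and contain no NUL,
    so every byte of every field influences what bcrypt would hash.
    """
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in (user_id, username, password):
        raw = field.encode("utf-8")
        mac.update(len(raw).to_bytes(4, "big"))  # prefix removes field-boundary ambiguity
        mac.update(raw)
    return mac.hexdigest().encode("ascii")


if __name__ == "__main__":
    uid = "00u" + "a" * 17                  # constructed 20-character ID (assumption)
    long_name = "u" * 40 + "@example.com"   # constructed 52-character username
    for pw in ("correct horse", "anything else"):
        covered = password_bytes_covered(uid, long_name, pw)
        tail = seen_by_bcrypt(naive_material(uid, long_name, pw))[-12:]
        print(f"{pw!r}: password bytes in cache key = {covered}, key input tail = {tail!r}")
```

Running `password_bytes_covered` over an org's user list with the real ID length is a quick way to find accounts that meet the advisory's precondition.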
