Techly NewsGet the app

Get the latest tech news

Okta Fixes Login Bypass Flaw Tied To Lengthy Usernames


Identity management firm Okta said Friday it has patched a critical authentication bypass vulnerability that affected customers using usernames longer than 52 characters in its AD/LDAP delegated authentication service. The flaw, introduced on July 23 and fixed October 30, allowed attackers to aut...

The flaw, introduced on July 23 and fixed October 30, allowed attackers to authenticate using only a username if they had access to a previously cached key. The bug stemmed from Okta's use of the Bcrypt algorithm to generate cache keys from combined user credentials. The company switched to PBKDF2 to resolve the issue and urged affected customers to audit system logs.

Get the Android app

Or read this on Slashdot

Read more on:

Photo of bypass flaw

bypass flaw

Photo of okta fixes

okta fixes

Photo of lengthy usernames

lengthy usernames

« An AI-generated ad left thousands of Dubliners waiting for a Halloween parade that never came
Meta unveils AI tools to give robots a human touch in physical world »