It appears you have not yet registered with our community. To register please click here...

 
Go Back [M] > Madshrimps > WebNews
Okta vulnerability allowed accounts with long usernames to log in without a password Okta vulnerability allowed accounts with long usernames to log in without a password
FAQ Members List Calendar Search Today's Posts Mark Forums Read


Okta vulnerability allowed accounts with long usernames to log in without a password
Reply
 
Thread Tools
Old 4th November 2024, 08:16   #1
[M] Reviewer
 
Stefan Mileschin's Avatar
 
Join Date: May 2010
Location: Romania
Posts: 153,575
Stefan Mileschin Freshly Registered
Default Okta vulnerability allowed accounts with long usernames to log in without a password
In a new security advisory, Okta has revealed that its system had a vulnerability that allowed people to log into an account without having to provide the correct password. Okta bypassed password authentication if the account had a username that had 52 or more characters. Further, its system had to detect a "stored cache key" of a previous successful authentication, which means the account's owner had to have previous history of logging in using that browser. It also didn't affect organizations that require multi-factor authentication, according to the notice the company sent to its users.

https://www.engadget.com/apps/okta-v...8.html?src=rss
Stefan Mileschin is offline   Reply With Quote
Reply

« New Apple repair program will fix iPhone 14 Plus' rear camera issue for free | Creative Zen Hybrid SXFI Review: Bells and Whistles Only Go So Far »

Similar Threads
Thread Thread Starter Forum Replies Last Post
Bluesky allowed people to include the n-word in their usernames Stefan Mileschin WebNews 0 17th July 2023 09:08
Okta says Lapsus$ breach affected only two customers Stefan Mileschin WebNews 0 21st April 2022 05:30
Microsoft and Okta detail the impact of recent Lapsus$ attacks Stefan Mileschin WebNews 0 24th March 2022 14:02
Microsoft and Okta are investigating potential attacks by the Lapsus$ hacking group Stefan Mileschin WebNews 0 23rd March 2022 11:32
Microsoft accounts no longer need a password Stefan Mileschin WebNews 0 16th September 2021 09:30
Latest Adobe Flash vulnerability allowed hackers to plant malware Stefan Mileschin WebNews 0 19th October 2017 18:54
Chinese internet giants purge 60,000 accounts for inappropriate usernames Stefan Mileschin WebNews 0 2nd March 2015 08:02
Skype disables password reset page to deal with email-based security 'vulnerability' Stefan Mileschin WebNews 0 15th November 2012 07:44
Report: PSN password resets exploited, accounts compromised again jmke WebNews 0 19th May 2011 16:37
Flashy UserNames jmke Site & Forum Feedback - Folding@Home 36 16th February 2004 10:44

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


All times are GMT +1. The time now is 06:35.

Contact Us - Madshrimps - Top

Powered by vBulletin® - Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
SEO by vBSEO