Okta vulnerability allowed accounts with long usernames to log in without a password
Briefly

"Okta has revealed a vulnerability that allowed accounts with 52 or more characters in the username to bypass password authentication when conditions were met, risking unauthorized access."
"The vulnerability stemmed from a standard update on July 23, 2024, and went unnoticed until discovered and fixed on October 30."
"Organizations were advised to check their access logs if their accounts met the conditions, as the vulnerability could allow easy-to-guess usernames to breach accounts."
"Okta pledged to improve communication with customers after a prior incident involving the Lapsus$ threat group, indicating a commitment to address security issues proactively."
Read at Engadget
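As an added illustration (not from the Engadget piece or from Okta), a small log-triage script for the advice in the third point: it flags successful password sign-ins by usernames of 52 or more characters inside the July 23 to October 30, 2024 window so they can be reviewed by hand. The record shape, field names and event name are assumptions for the example, not Okta's real System Log schema, and the sample records are constructed.

```python
"""Triage sign-in records for the long-username exposure described above.
The JSON shape used here is an assumed, simplified one (NOT Okta's real schema)."""
import json
from datetime import datetime, timezone

# Exposure window and username threshold as stated in the summary.
WINDOW_START = datetime(2024, 7, 23, tzinfo=timezone.utc)
WINDOW_END = datetime(2024, 10, 30, 23, 59, 59, tzinfo=timezone.utc)
MIN_USERNAME_LEN = 52
PASSWORD_EVENT = "password_login"  # assumed event name for this example

# Constructed sample records: one short user, one long user inside the window,
# the same long user before the window, and a failed attempt inside it.
SAMPLE_LOG = """
{"ts": "2024-08-02T10:15:00Z", "user": "alice@example.com", "event": "password_login", "outcome": "SUCCESS"}
{"ts": "2024-09-14T03:41:12Z", "user": "shared.finance.reporting.automation.account.northwind@example.com", "event": "password_login", "outcome": "SUCCESS"}
{"ts": "2024-06-30T08:00:00Z", "user": "shared.finance.reporting.automation.account.northwind@example.com", "event": "password_login", "outcome": "SUCCESS"}
{"ts": "2024-10-01T22:05:44Z", "user": "shared.finance.reporting.automation.account.northwind@example.com", "event": "password_login", "outcome": "FAILURE"}
"""

def parse_ts(value: str) -> datetime:
    # Accept the trailing 'Z' that many JSON log exporters emit.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def is_suspicious(record: dict) -> bool:
    """True for a successful password sign-in of a long username inside the window."""
    if record.get("event") != PASSWORD_EVENT or record.get("outcome") != "SUCCESS":
        return False
    if len(record.get("user", "")) < MIN_USERNAME_LEN:
        return False
    return WINDOW_START <= parse_ts(record["ts"]) <= WINDOW_END

def find_suspicious_logins(raw_log: str) -> list[dict]:
    """Parse newline-delimited JSON records and return those worth manual review."""
    hits = []
    for line in raw_log.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        record = json.loads(line)
        if is_suspicious(record):
            hits.append(record)
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_logins(SAMPLE_LOG):
        print(f"review: {hit['ts']} {hit['user']} ({len(hit['user'])} chars)")
```

A hit only means the sign-in met the stated conditions; confirming whether a password was actually bypassed still needs the full record and the account owner's confirmation.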