MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
flaw
Recherche

Okta Fixes Login Bypass Flaw Tied To Lengthy Usernames

samedi 2 novembre 2024, 02:31 , par Slashdot
Okta Fixes Login Bypass Flaw Tied To Lengthy Usernames
Identity management firm Okta said Friday it has patched a critical authentication bypass vulnerability that affected customers using usernames longer than 52 characters in its AD/LDAP delegated authentication service.

The flaw, introduced on July 23 and fixed October 30, allowed attackers to authenticate using only a username if they had access to a previously cached key. The bug stemmed from Okta's use of the Bcrypt algorithm to generate cache keys from combined user credentials. The company switched to PBKDF2 to resolve the issue and urged affected customers to audit system logs.

Read more of this story at Slashdot.
Lire la suite sur Slashdot
https://it.slashdot.org/story/24/11/02/0113243/okta-fixes-login-bypass-flaw-tied-to-lengthy-username...

Voir aussi

flaw Microsoft slips Task Manager and processor count fixes into Patch Tuesday TheRegister13 Nov
usernames Microsoft fixes dozens of security flaws in Windows and Office PC World13 Nov
bypass Acer Swift 14 AI review: A humble laptop with lengthy battery life PC World12 Nov
okta D-Link Won't Fix Critical Flaw Affecting 60,000 Older NAS Devices Slashdot12 Nov
authentication Debian Linux 12 bookworm receives eighth update with crucial security fixes BetaNews 9 Nov
affected Hacker Says They Banned 'Thousands' of Call of Duty Gamers By Abusing Anti-Cheat Flaw Slashdot 7 Nov
using Cisco scores a perfect CVSS 10 with critical flaw in its wireless system TheRegister 7 Nov
customers Flaw in Right-Wing ‘Election Integrity’ App Exposes Voter-Suppression Plan and User Data Wired: Tech. 5 Nov
tied Redox runs on RISC-V, boots to GUI login on Raspberry Pi 4 OS News 5 Nov
login Why the long name? Okta discloses auth bypass bug affecting 52-character usernames TheRegister 4 Nov
fixes Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack Wired: Tech. 1 Nov
lengthy AWS Cloud Development Kit flaw exposed accounts to full takeover TheRegister25 Oct
flaw Emergency patch: Cisco fixes bug under exploit in brute-force attacks TheRegister24 Oct
usernames Microsoft releases Windows 11 update with revamped Start menu, printer fixes, and new Copilot button remapping BetaNews24 Oct
bypass Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch TheRegister23 Oct
okta Chrome 130’s first patch fixes three high-risk security flaws PC World23 Oct
authentication Optional Windows 10 update fixes printer, scanner, and crash bugs PC World23 Oct
affected VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time TheRegister22 Oct
using Jetpack fixes 8-year-old flaw affecting millions of WordPress sites TheRegister19 Oct
customers Thousands of Fortinet instances vulnerable to actively exploited flaw TheRegister14 Oct
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
jeu. 21 nov. - 15:12 CET