MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
flaw
Recherche

Okta Fixes Login Bypass Flaw Tied To Lengthy Usernames

samedi 2 novembre 2024, 02:31 , par Slashdot
Okta Fixes Login Bypass Flaw Tied To Lengthy Usernames
Identity management firm Okta said Friday it has patched a critical authentication bypass vulnerability that affected customers using usernames longer than 52 characters in its AD/LDAP delegated authentication service.

The flaw, introduced on July 23 and fixed October 30, allowed attackers to authenticate using only a username if they had access to a previously cached key. The bug stemmed from Okta's use of the Bcrypt algorithm to generate cache keys from combined user credentials. The company switched to PBKDF2 to resolve the issue and urged affected customers to audit system logs.

Read more of this story at Slashdot.
Lire la suite sur Slashdot
https://it.slashdot.org/story/24/11/02/0113243/okta-fixes-login-bypass-flaw-tied-to-lengthy-username...

Voir aussi

flaw Flaw in Right-Wing ‘Election Integrity’ App Exposes Voter-Suppression Plan and User Data Wired: Tech. 5 Nov
usernames Redox runs on RISC-V, boots to GUI login on Raspberry Pi 4 OS News 5 Nov
bypass Why the long name? Okta discloses auth bypass bug affecting 52-character usernames TheRegister 4 Nov
okta Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack Wired: Tech. 1 Nov
authentication AWS Cloud Development Kit flaw exposed accounts to full takeover TheRegister25 Oct
affected Emergency patch: Cisco fixes bug under exploit in brute-force attacks TheRegister24 Oct
using Microsoft releases Windows 11 update with revamped Start menu, printer fixes, and new Copilot button remapping BetaNews24 Oct
customers Microsoft SharePoint RCE flaw exploits in the wild – you've had 3 months to patch TheRegister23 Oct
tied Chrome 130’s first patch fixes three high-risk security flaws PC World23 Oct
login Optional Windows 10 update fixes printer, scanner, and crash bugs PC World23 Oct
fixes VMware fixes critical RCE, make-me-root bugs in vCenter - for the second time TheRegister22 Oct
lengthy Jetpack fixes 8-year-old flaw affecting millions of WordPress sites TheRegister19 Oct
flaw Thousands of Fortinet instances vulnerable to actively exploited flaw TheRegister14 Oct
usernames Comparatif 2024 : PC fixes ou PC portables, quelle option privilégier selon vos usages ? Blue-Hardware14 Oct
bypass Jusqu'à 30% de remise pour les Jours Acer ! (PC portables / fixes, écrans, gaming...) Génération-NT13 Oct
okta Update Firefox 131 now to patch a critical zero-day security flaw PC World10 Oct
authentication Still running Windows 11 22H2? No more security fixes from Microsoft for you! BetaNews 9 Oct
affected How to bypass Microsoft’s TPM 2.0 requirements when upgrading to Windows 11 24H2 BetaNews 8 Oct
using The best new features and fixes in Python 3.13 InfoWorld 7 Oct
customers Apple Fixes Bugs in macOS Sequoia That Broke Some Cybersecurity Tools Slashdot 7 Oct
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
jeu. 7 nov. - 10:57 CET