serein
@etd
1765 Following
974 Followers
0 reply
0 recast
0 reaction
Okta, a provider of identity and access management software, officially announced that on October 30, 2024, an internal vulnerability was discovered in AD/LDAPDelAuth for generating cache keys. The Bcrypt algorithm is used to generate cache keys, where we hash the combination string of userId+username+password. Under specific conditions, this may allow users to authenticate only by providing stored cached keys that were previously successfully authenticated to the username. The premise of this vulnerability is that each time a cache key is generated for the user, the username must be equal to or exceed 52 characters. The affected product and version is OktaAD/LDAPDelAuth as of July 23, 2024, and the vulnerability was resolved in Okta's production environment on October 30, 2024. @rudya.eth 0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction
0 reply
0 recast
0 reaction