Slashdot: Okta Fixes Login Bypass Flaw Tied To Lengthy Usernames

Source URL: https://it.slashdot.org/story/24/11/02/0113243/okta-fixes-login-bypass-flaw-tied-to-lengthy-usernames?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Okta Fixes Login Bypass Flaw Tied To Lengthy Usernames

Feedly Summary:

AI Summary and Description: Yes

Summary: Okta has addressed a significant authentication bypass vulnerability that impacted its AD/LDAP delegated authentication service. The patch followed the discovery of a flaw in how cache keys were derived from user credentials, which could give attackers unauthorized access.

Detailed Description:
The recent vulnerability reported by Okta underscores significant risks in identity management and authentication protocols. Here are the key points regarding the situation:

- **Vulnerability Description**:
  - The flaw allowed attackers to bypass authentication by exploiting usernames longer than 52 characters.
  - An attacker could authenticate with the username alone, provided a cache key for that user already existed from an earlier successful login.

- **Technical Root Cause**:
  - The vulnerability was tied to the use of the Bcrypt algorithm for generating cache keys from user credentials.
  - By switching to the PBKDF2 algorithm, Okta mitigated the risk.

- **Timeline**:
  - The vulnerability was introduced on July 23 and was patched on October 30.

- **Recommendations**:
  - Okta advised affected customers to audit their system logs for any potential misuse of the vulnerability before the patch was applied.

- **Impact on Security Compliance**:
  - Identity management and authentication mechanisms are critical areas of both security and compliance.
  - Organizations using Okta should review their integrations and security practices to ensure that similar vulnerabilities are not present, focusing in particular on cache management and authentication protocols.

This incident reinforces the necessity for continuous monitoring and updating of security practices, especially in areas that directly affect user authentication and access controls.