Okta revealed that it fixed a big oopsy that could have let bad actors gain access to accounts with obnoxiously long usernames with relative ease.
In an Oct. 30 security advisory, the authentication vendor disclosed a vulnerability in its AD/LDAP Delegated Authorization process that would let certain users authenticate with just a username and a stored cache key from a previous successful login attempt.
The bug was introduced in late July as part of a standard release. Okta noted that the vulnerability could only have been exploited if a specific set of conditions was met, one of which was that the targeted account had to have a username of 52 or more characters. (So much for unique usernames…)
Other stipulations included that the user had previously authenticated successfully and that the account did not have multi-factor authentication enabled.
The vulnerability was identified on Oct. 30 and patched the same day. However, Okta recommends that customers who meet all of the preconditions check for any suspicious authentications during the period when the vulnerability was active. The company also noted that all of its customers should have MFA implemented.
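A practical way to act on that recommendation is to filter authentication logs for the exact preconditions the advisory names and then look at whether the in-window logins came from addresses the account had used before. The script below is an added example, not Okta's code or tooling: it reads a few constructed JSON-lines authentication records (the field names `ts`, `user`, `auth`, `result`, `mfa` and `src` are assumptions, not Okta's System Log schema), keeps only successful delegated logins from accounts with usernames of 52 or more characters and no MFA inside the exposure window, and marks each one whose source IP never appeared for that account before the window opened. The window bounds are placeholders derived from the article's "late July" and "Oct. 30" wording; take the exact dates from the vendor advisory.

```python
"""Triage helper for the Okta AD/LDAP precondition check (added example).

Parses constructed authentication records and flags successful delegated
logins that meet every precondition named in the advisory: username of
52+ characters, no MFA, timestamp inside the exposure window. Logins whose
source IP was never seen for that account before the window are marked
as new sources for closer review.
"""
import json
from datetime import datetime, timezone

# Placeholder window (assumed from "late July" to "Oct. 30"); the end bound
# is exclusive so it covers the whole patch day. Verify against the advisory.
WINDOW_START = datetime(2024, 7, 23, tzinfo=timezone.utc)
WINDOW_END = datetime(2024, 10, 31, tzinfo=timezone.utc)
MIN_USERNAME_LEN = 52

# Constructed sample log: one long-username account with a pre-window
# baseline login, one short username, one long username with MFA enabled.
SAMPLE_LOG = """\
{"ts": "2024-06-30T08:00:00Z", "user": "a.very.long.username.that.exceeds.fifty.two.characters@example.test", "auth": "delegated", "result": "SUCCESS", "mfa": false, "src": "198.51.100.7"}
{"ts": "2024-08-14T09:12:03Z", "user": "a.very.long.username.that.exceeds.fifty.two.characters@example.test", "auth": "delegated", "result": "SUCCESS", "mfa": false, "src": "198.51.100.7"}
{"ts": "2024-08-14T09:15:44Z", "user": "short.user@example.test", "auth": "delegated", "result": "SUCCESS", "mfa": false, "src": "198.51.100.7"}
{"ts": "2024-09-02T22:41:10Z", "user": "another.extremely.long.username.also.over.fifty.two.chars@example.test", "auth": "delegated", "result": "SUCCESS", "mfa": true, "src": "203.0.113.9"}
{"ts": "2024-10-01T13:05:27Z", "user": "a.very.long.username.that.exceeds.fifty.two.characters@example.test", "auth": "delegated", "result": "FAILURE", "mfa": false, "src": "192.0.2.44"}
{"ts": "2024-10-01T13:06:02Z", "user": "a.very.long.username.that.exceeds.fifty.two.characters@example.test", "auth": "delegated", "result": "SUCCESS", "mfa": false, "src": "192.0.2.44"}
"""


def parse_records(text):
    """Parse JSON-lines text into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def event_time(rec):
    """Return the record timestamp as an aware datetime (ISO 8601, 'Z' suffix)."""
    return datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))


def meets_preconditions(rec, start=WINDOW_START, end=WINDOW_END):
    """True when a record matches every precondition from the advisory."""
    return (
        rec.get("auth") == "delegated"
        and rec.get("result") == "SUCCESS"
        and not rec.get("mfa", False)
        and len(rec.get("user", "")) >= MIN_USERNAME_LEN
        and start <= event_time(rec) < end
    )


def triage(records, start=WINDOW_START, end=WINDOW_END):
    """Group in-scope events per account and mark logins from source IPs that
    the account never used in successful logins before the window opened."""
    baseline = {}
    for rec in records:
        if rec.get("result") == "SUCCESS" and event_time(rec) < start:
            baseline.setdefault(rec["user"], set()).add(rec.get("src"))

    findings = {}
    for rec in records:
        if not meets_preconditions(rec, start, end):
            continue
        known_sources = baseline.get(rec["user"], set())
        findings.setdefault(rec["user"], []).append({
            "ts": rec["ts"],
            "src": rec.get("src"),
            "new_source": rec.get("src") not in known_sources,
        })
    return findings


def main():
    for user, events in triage(parse_records(SAMPLE_LOG)).items():
        print(f"{user} ({len(user)} chars, no MFA): {len(events)} in-window login(s)")
        for ev in events:
            flag = "NEW SOURCE" if ev["new_source"] else "known source"
            print(f"  {ev['ts']}  {ev['src']:<15} {flag}")


if __name__ == "__main__":
    main()
```

In the constructed sample only the first long-username account survives the filter: the short username and the MFA-protected account drop out, the June login is outside the window and only forms the baseline, and the failed October attempt is ignored. Of the two remaining logins, the October one comes from an address that account had never used, which is the kind of event the advisory asks customers to look at. Whatever the baseline says, the durable fix is the one Okta itself points to: enforce MFA on every account.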