Okta just fixed a particularly unusual bug in its software.
The digital security management company published a bug fix report on your website (as seen The edge) informing users that a technical problem in the system had been fixed that, in theory, allowed criminals to gain access to accounts. Sounds pretty normal, right? Well, here’s the kicker: the bug could have allowed someone to log into an account. without entering password as long as the username is 52 characters or more.
Crushable speed of light
Largest US healthcare data breach exposes 100 million customers’ medical records
“During specific conditions, this could allow users to authenticate by providing only the username with the cache key stored from a previous successful authentication,” Okta wrote.
It should be emphasized again that this is no longer a concern for Okta users. The error has been fixed. Unfortunately, it existed on the system for about three months, as Okta’s report said the software had been affected since July until someone noticed on October 30. It is a long time for such a vulnerability to be present, but it is not clear at this time. if anyone was negatively affected by it.