Okta Fixes Auth Bypass Bug After 3-Month Lull


Okta has resolved an authentication bypass vulnerability that impacted users with long usernames (52 characters or more) or companies with lengthy domain names. The issue allowed attackers to bypass Okta AD/LDAP delegated authentication under specific conditions, including the use of cached authentication when the AD/LDAP agent was unreachable. Discovered by Okta on October 30, the flaw had been present for three months and has now been patched. Customers are advised to review their logs for suspicious activity dating back to July 23 and to implement MFA as an added security measure. It is unknown if the vulnerability was exploited in the wild.
