Okta patched a security flaw in AD/LDAP DelAuth affecting usernames over 52 characters
Nov 4, 2024 at 1:40 PM

On October 30, 2024, Okta identified a security vulnerability in its AD/LDAP DelAuth product, specifically affecting usernames over 52 characters. The issue stemmed from using the Bcrypt algorithm to generate a cache key from the combined userId, username, and password. Under certain conditions, this flaw could allow users to authenticate with a cache key stored from a previous successful login.

The vulnerability affected Okta AD/LDAP DelAuth from July 23, 2024, and was resolved in production on the same day it was identified. For exploitation to occur, several preconditions had to be met: use of Okta AD/LDAP delegated authentication, absence of multi-factor authentication (MFA), a username of 52 characters or longer, a previously created authentication cache, and the cache being consulted first because the AD/LDAP agent was unavailable.
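To make the failure mode concrete, here is an added illustration (not Okta's code, and not taken from the advisory). It relies on one property of real bcrypt: the algorithm only consumes the first 72 bytes of its input. A SHA-256 stand-in that truncates to 72 bytes is used purely to model that property offline; the `userId:username:password` concatenation format and the 20-character user ID are assumptions, so the exact length at which the password drops off the end of the input depends on the real format (Okta reported 52 characters). The hardened variant pre-hashes the full material so every byte of the password still influences the key.

```python
import hashlib

# Real bcrypt property: only the first 72 bytes of the input are used.
BCRYPT_INPUT_LIMIT = 72


def bcrypt_like(material: bytes) -> str:
    """Constructed stand-in for bcrypt that models ONLY its 72-byte truncation.

    Real bcrypt is salted and deliberately slow; this SHA-256 model exists so the
    demonstration runs offline and must never be used as a password hash.
    """
    return hashlib.sha256(material[:BCRYPT_INPUT_LIMIT]).hexdigest()


def vulnerable_cache_key(user_id: str, username: str, password: str) -> str:
    """Models the flawed scheme: userId, username and password concatenated and
    fed straight into bcrypt. The ':' separator is an assumption."""
    material = f"{user_id}:{username}:{password}".encode()
    return bcrypt_like(material)


def hardened_cache_key(user_id: str, username: str, password: str) -> str:
    """Pre-hash the full material to a fixed 32-byte digest before the bcrypt
    step, so the password always contributes regardless of username length."""
    material = f"{user_id}:{username}:{password}".encode()
    digest = hashlib.sha256(material).digest()
    return bcrypt_like(digest)


def password_affects_key(key_fn, user_id: str, username: str) -> bool:
    """True if two different passwords yield different cache keys under key_fn.
    False means the password is effectively ignored for that username."""
    return key_fn(user_id, username, "correct-horse") != key_fn(user_id, username, "wrong-pass")


if __name__ == "__main__":
    # Constructed sample values: Okta-style 20-character user ID, 52-character username.
    uid = "00u1abcdefghijklmnop"
    long_user = "a" * 40 + "@example.com"   # 52 characters
    short_user = "bob@example.com"
    print("vulnerable, 52-char username, password matters:", password_affects_key(vulnerable_cache_key, uid, long_user))
    print("vulnerable, short username,   password matters:", password_affects_key(vulnerable_cache_key, uid, short_user))
    print("hardened,   52-char username, password matters:", password_affects_key(hardened_cache_key, uid, long_user))
```

With the assumed format, `20 + 1 + 52 + 1` bytes of userId, separators and username already fill the 72-byte bcrypt window, so under the vulnerable scheme any password produces the same cache key for that user; the hardened scheme keeps the keys distinct. The cache-lookup path only matters when the AD/LDAP agent is unreachable, which is why that condition appears in the list of preconditions above.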

Okta advises customers meeting these criteria to review their system logs for unexpected authentications from usernames exceeding 52 characters between July 23 and October 30, 2024. Additionally, Okta recommends implementing MFA as a baseline security measure for all users.
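The log review Okta recommends can be scripted. The following is an added example, not an Okta tool: it filters newline-delimited System Log exports for successful authentications by usernames of 52 characters or more (the more conservative of the two thresholds quoted above) published between July 23 and October 30, 2024. The field names `published`, `eventType`, `outcome.result` and `actor.alternateId` follow the Okta System Log layout as I understand it but should be treated as assumptions and checked against a real export; the four log lines are constructed for the demonstration.

```python
import json
from datetime import datetime, timezone

MIN_USERNAME_LEN = 52
WINDOW_START = datetime(2024, 7, 23, tzinfo=timezone.utc)
WINDOW_END = datetime(2024, 10, 31, tzinfo=timezone.utc)  # exclusive; covers all of Oct 30

LONG_USER = "a" * 40 + "@example.com"  # 52 characters, constructed

# Constructed sample export (one JSON object per line); eventType values are placeholders.
SAMPLE_LOG = "\n".join([
    json.dumps({"published": "2024-08-01T12:00:00.000Z", "eventType": "user.session.start",
                "outcome": {"result": "SUCCESS"}, "actor": {"alternateId": LONG_USER}}),
    json.dumps({"published": "2024-08-01T12:05:00.000Z", "eventType": "user.session.start",
                "outcome": {"result": "SUCCESS"}, "actor": {"alternateId": "bob@example.com"}}),
    json.dumps({"published": "2024-09-15T08:30:00.000Z", "eventType": "user.session.start",
                "outcome": {"result": "FAILURE"}, "actor": {"alternateId": LONG_USER}}),
    json.dumps({"published": "2024-11-02T09:00:00.000Z", "eventType": "user.session.start",
                "outcome": {"result": "SUCCESS"}, "actor": {"alternateId": LONG_USER}}),
])


def parse_published(value: str) -> datetime:
    """Parse the ISO-8601 'published' timestamp; the trailing 'Z' means UTC."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_suspect_logins(lines):
    """Return successful logins inside the window whose username length is >= 52."""
    hits = []
    for raw in lines:
        if not raw.strip():
            continue
        event = json.loads(raw)
        username = event.get("actor", {}).get("alternateId", "")
        result = event.get("outcome", {}).get("result")
        when = parse_published(event["published"])
        if (result == "SUCCESS"
                and len(username) >= MIN_USERNAME_LEN
                and WINDOW_START <= when < WINDOW_END):
            hits.append({"published": event["published"],
                         "eventType": event.get("eventType"),
                         "username": username})
    return hits


if __name__ == "__main__":
    for hit in find_suspect_logins(SAMPLE_LOG.splitlines()):
        print(hit)
```

Only the first constructed line survives the filter: the second has a short username, the third failed, and the fourth falls after the patch date. Hits still need manual review against the user's normal access pattern and against whether the AD/LDAP agent was down at the time, since a long username on its own is not evidence of misuse.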

Nov 4, 2024 by Paul

Okta is an identity management platform that focuses on secure access, authentication, and automation through its Workforce and Customer Identity Clouds. By placing identity at the center of business security and growth, Okta aims to streamline identity-related processes. It holds a rating of 4 and is often compared to alternatives like AuthKit, Keycloak, and Stack Auth.
