Okta’s ‘safe by design’ pledge suffers a buggy setback

The flaw is an apparent lapse against at least one of the seven commitments in CISA's secure by design principles, which include implementing multi-factor authentication (MFA), reducing default passwords, reducing classes of vulnerability, applying security patches, vulnerability enumeration and disclosure, and evidence of intrusions.

Cache key generation isn't secure by design

The vulnerability, which was introduced through a routine July 23, 2024 update, stems from Okta's use of the Bcrypt algorithm to generate a cache key, where it hashes a combined string of user id, username, and password.

In the case of usernames that were 52 characters long or longer, the stored cache key from a previous successful login attempt allowed re-login, effectively bypassing the need for a password.
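The mechanism behind that threshold, as an added illustration that is not Okta's code: bcrypt only consumes the first 72 bytes of its input, so once the user id and username occupy those bytes the password no longer influences the cache key. The SHA-256 stand-in for bcrypt, the 20-character user id, and the separators in the hardened variant are assumptions for this example, not details from the article.

```python
import hashlib

BCRYPT_INPUT_LIMIT = 72  # bcrypt silently ignores input beyond 72 bytes


def truncating_hash(data: bytes) -> bytes:
    """Stand-in for bcrypt (assumption): models only its 72-byte input limit.

    Real bcrypt is salted and slow; the truncation is all that matters here.
    """
    return hashlib.sha256(data[:BCRYPT_INPUT_LIMIT]).digest()


def vulnerable_cache_key(user_id: str, username: str, password: str) -> bytes:
    """Composition described in the article: id + username + password -> bcrypt."""
    return truncating_hash((user_id + username + password).encode())


def hardened_cache_key(user_id: str, username: str, password: str) -> bytes:
    """Pre-hash the full material to a fixed 64-byte digest before the bcrypt-like
    step, so every byte of the password reaches the key. NUL separators (assumed)
    keep 'ab' + 'c' from colliding with 'a' + 'bc'."""
    material = hashlib.sha512(
        (user_id + "\0" + username + "\0" + password).encode()
    ).digest()
    return truncating_hash(material)


def password_bytes_kept(user_id: str, username: str) -> int:
    """Audit helper: how many password bytes survive truncation for this pair.
    Zero means any password reproduces the key for this user."""
    prefix_len = len((user_id + username).encode())
    return max(0, BCRYPT_INPUT_LIMIT - prefix_len)


if __name__ == "__main__":
    # Constructed sample: a 20-character id plus a 52-character username fills 72 bytes.
    user_id = "00uCONSTRUCTEDID0001"
    for name in ("alice", "a" * 52):
        kept = password_bytes_kept(user_id, name)
        same = vulnerable_cache_key(user_id, name, "right") == vulnerable_cache_key(
            user_id, name, "wrong"
        )
        print(f"username len={len(name):2d} password bytes kept={kept:2d} "
              f"wrong password matches={same}")
```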
