Okta reveals login vulnerability allowing login without password
The Fly

Okta (OKTA) announced that on October 30 it internally identified a vulnerability in how the cache key for AD/LDAP delegated authentication (DelAuth) is generated. The company said: “The Bcrypt algorithm was used to generate the cache key where we hash a combined string of userId + username + password. Under a specific set of conditions, this could allow users to authenticate by providing the username with the stored cache key of a previous successful authentication…. This vulnerability was resolved in Okta’s production environment on October 30.”
