Okta (OKTA) announced that on October 30, a vulnerability was internally identified in generating the cache key for AD/LDAP DelAuth. The company said: “The Bcrypt algorithm was used to generate the cache key where we hash a combined string of userId + username + password. Under a specific set of conditions, this could allow users to authenticate by providing the username with the stored cache key of a previous successful authentication…. This vulnerability was resolved in Okta’s production environment on October 30.”
Don't Miss Our Christmas Offers:
- Discover the latest stocks recommended by top Wall Street analysts, all in one place with Analyst Top Stocks
- Make smarter investments with weekly expert stock picks from the Smart Investor Newsletter