Okta reveals security flaw
Okta has announced a security problem in its system that allowed some users to log into their accounts without entering the correct password. This issue occurred if a username was 52 characters or longer. In these cases, the system could bypass password checks if it found a “stored cache key” from a previous successful login using the same browser. Accounts that require multi-factor authentication were not affected.
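The mechanism the article describes, as an added example that is not Okta's code and not taken from the article: a cache key built by hashing the concatenation of user ID, username and password with a function that silently ignores input past 72 bytes (bcrypt, for instance, is documented to use at most 72 bytes). The article states neither the key layout nor the hash used, so both are assumptions here, chosen because a 20-byte user ID plus a 52-byte username reaches the cut and reproduces the threshold the article names. The user IDs, usernames and passwords are constructed; the hardened key function beside it feeds every field in full, length-prefixed, into a keyed hash.

```python
import hashlib
import hmac
import secrets

# Assumption: the cache key is a hash over user ID + username + password, and the
# hash silently ignores input past 72 bytes. The article gives neither the key
# layout nor the hash function; this models the symptom it describes.
TRUNCATION_LIMIT = 72
CACHE_SECRET = secrets.token_bytes(32)  # per-process key for the hardened construction


def truncating_cache_key(user_id: str, username: str, password: str) -> str:
    """Flawed key: plain concatenation, then only the first 72 bytes are hashed.

    With a 20-byte user ID and a username of 52 bytes or more, the password lies
    entirely beyond the cut and has no influence on the key."""
    material = (user_id + username + password).encode("utf-8")
    return hashlib.sha256(material[:TRUNCATION_LIMIT]).hexdigest()


def safe_cache_key(user_id: str, username: str, password: str,
                   secret: bytes = CACHE_SECRET) -> str:
    """Hardened key: every field is length-prefixed and fed in full to a keyed hash,
    so no byte of the password is dropped and fields cannot run into each other."""
    mac = hmac.new(secret, digestmod="sha256")
    for field in (user_id, username, password):
        data = field.encode("utf-8")
        mac.update(len(data).to_bytes(4, "big"))
        mac.update(data)
    return mac.hexdigest()


class AuthService:
    """Toy login service with a cache of keys from earlier successful logins."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.users = {}     # user_id -> (username, salt, password hash)
        self.cache = set()  # keys recorded after a successful password check

    def register(self, user_id: str, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[user_id] = (username, salt, self._hash(password, salt))

    @staticmethod
    def _hash(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 50_000)

    def login(self, user_id: str, username: str, password: str,
              mfa_required: bool = False) -> str:
        stored_name, salt, stored_hash = self.users[user_id]
        key = self.key_fn(user_id, username, password)
        # The bypass: a cache hit is accepted in place of a password check.
        # Accounts that require MFA always go through full verification.
        if not mfa_required and key in self.cache:
            return "cache-hit"
        if username != stored_name or not hmac.compare_digest(
                self._hash(password, salt), stored_hash):
            return "denied"
        self.cache.add(key)
        return "verified"


def run_scenario(key_fn) -> dict:
    """Replay the same logins against a service using the given cache-key function."""
    svc = AuthService(key_fn)
    uid_long, uid_short = "00u1a2b3c4d5e6f7g8h9", "00u9h8g7f6e5d4c3b2a1"  # constructed
    long_name = "alexander.montgomery.fitzwilliam@engineering.example.com"  # 56 chars
    short_name = "amf@example.com"
    good, bad = "correct horse battery staple", "wrong-guess"
    svc.register(uid_long, long_name, good)
    svc.register(uid_short, short_name, good)
    return {
        "long_first": svc.login(uid_long, long_name, good),
        "long_wrong_pw": svc.login(uid_long, long_name, bad),
        "long_wrong_pw_mfa": svc.login(uid_long, long_name, bad, mfa_required=True),
        "short_first": svc.login(uid_short, short_name, good),
        "short_wrong_pw": svc.login(uid_short, short_name, bad),
    }


if __name__ == "__main__":
    for name, fn in (("truncating", truncating_cache_key), ("hardened", safe_cache_key)):
        print(name, run_scenario(fn))
```

With the truncating key, the second login for the long username succeeds on a wrong password because the first successful login left a key that the password never influenced; the MFA-required login and the short-username login both fall through to the real check and are denied. With the hardened key the wrong password produces a different key, so the cache never matches. The broader lesson is that any key derived from a credential must cover the whole credential; a length ceiling on every field before hashing is a cheap extra guard.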
How the Vulnerability Happened
The company admitted that this vulnerability was introduced during a standard update on July 23, 2024, and it was only discovered and fixed on October 30. Okta is advising customers who might be at risk to check their access logs from the past few months. While a 52-character username may seem long, it can still be easier to guess than a strong password, especially if it includes personal information like a full name or email address.
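The log review the article recommends, as an added example that is not Okta's tooling and not from the article: scan authentication records for successful, non-MFA logins by usernames of 52 characters or more between the July 23 update and the October 30 fix. The log lines are constructed, and their field names (`ts`, `event`, `result`, `user`, `mfa`) are this example's own simplified format rather than any vendor's log schema; malformed lines are skipped rather than aborting the scan.

```python
import json
from datetime import date, datetime

# Dates from the article: the flaw shipped on July 23, 2024 and was fixed on October 30, 2024.
WINDOW_START = date(2024, 7, 23)
WINDOW_END = date(2024, 10, 30)
MIN_USERNAME_LEN = 52  # threshold named in the article

# Constructed sample log lines. The field names are this example's own simplified
# record format, not a vendor log schema. One line is deliberately malformed.
SAMPLE_LOG = """\
{"ts": "2024-08-14T09:12:01Z", "event": "login", "result": "success", "user": "alexander.montgomery.fitzwilliam@engineering.example.com", "mfa": false}
{"ts": "2024-08-14T09:30:44Z", "event": "login", "result": "success", "user": "amf@example.com", "mfa": false}
{"ts": "2024-09-02T22:05:19Z", "event": "login", "result": "success", "user": "alexander.montgomery.fitzwilliam@engineering.example.com", "mfa": true}
{"ts": "2024-07-10T08:00:00Z", "event": "login", "result": "success", "user": "alexander.montgomery.fitzwilliam@engineering.example.com", "mfa": false}
this line is not JSON and must be skipped
{"ts": "2024-10-29T03:41:57Z", "event": "login", "result": "failure", "user": "alexander.montgomery.fitzwilliam@engineering.example.com", "mfa": false}
{"ts": "2024-10-29T03:42:10Z", "event": "login", "result": "success", "user": "alexander.montgomery.fitzwilliam@engineering.example.com", "mfa": false}
"""


def parse_records(text: str):
    """Yield (timestamp, record) pairs, skipping lines that are not usable records."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
            ts = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
        except (ValueError, KeyError, TypeError):
            continue  # malformed line: skip rather than abort the whole scan
        yield ts, rec


def find_candidate_logins(text: str) -> list:
    """Successful, non-MFA logins for long usernames inside the vulnerable window."""
    hits = []
    for ts, rec in parse_records(text):
        if rec.get("event") != "login" or rec.get("result") != "success":
            continue
        if rec.get("mfa"):
            continue  # accounts requiring MFA were not affected
        if not WINDOW_START <= ts.date() <= WINDOW_END:
            continue
        if len(rec.get("user", "")) < MIN_USERNAME_LEN:
            continue
        hits.append(rec)
    return hits


def summarize(text: str) -> dict:
    """Count candidate logins per account so the exposed accounts can be reviewed first."""
    counts = {}
    for rec in find_candidate_logins(text):
        counts[rec["user"]] = counts.get(rec["user"], 0) + 1
    return counts


if __name__ == "__main__":
    for rec in find_candidate_logins(SAMPLE_LOG):
        print(rec["ts"], rec["user"])
    print(summarize(SAMPLE_LOG))
```

Only the two successes inside the window for the long username survive the filter; the MFA-protected login, the pre-July login, the short username and the failed attempt are all dropped. Because the article ties the bypass to a cache key from an earlier successful login in the same browser, logs that carry a client or user-agent identifier can be narrowed further to successes from a client that already had a genuine success for the same account, and a failure followed shortly by a success from the same client (the last two sample lines) is the pattern worth looking at first.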
Okta’s Role in Authentication
Okta provides software that helps businesses manage user authentication for their applications. It allows users to access multiple apps with a single login, simplifying the process. The company has not confirmed if anyone was specifically affected by this issue, but it has promised to improve communication with customers following past incidents involving unauthorized account access.