Okta just fixed a very weird security bug for accounts with long usernames
Okta just squashed a very unusual bug in its software.
The digital security management company posted a bug fix report to its website (as noticed by The Verge) letting users know that a glitch in the system that theoretically allowed bad actors to gain access to accounts had been ironed out. Sounds normal enough, right? Well, here’s the kicker: The bug could’ve allowed someone to log into an account without entering the password as long as the username was 52 characters or longer.
“During specific conditions, this could allow users to authenticate by only providing the username with the stored cache key of a previous successful authentication,” Okta wrote.
It should be re-emphasized that this is not a concern for Okta users. The bug has been fixed. Unfortunately, it existed in the system for about three months, as Okta’s report said the software had been affected since July until someone noticed on Oct. 30. That’s a very long time for such a vulnerability to be present, but it’s unclear at this point if anyone was negatively affected by it.