首页发现正文

Okta just fixed a very weird security bug for accounts with long usernames

2025-04-27 12:26:49admin

Okta just squashed a particularly unusual bug in its software.

The digital security management company posted a bug fix report to its website (as spotted by The Verge) letting users know that a glitch in the system that theoretically allowed bad actors to gain access to accounts had been ironed out. Sounds normal enough, right? Well, here's the kicker: The bug could've allowed someone to log into an account without entering the passwordas long as the username was 52 characters or longer.

Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up!
SEE ALSO: Largest U.S. healthcare data breach exposes medical records of 100 million customers

"During specific conditions, this could allow users to authenticate by only providing the username with the stored cache key of a previous successful authentication," Okta wrote.

It should be re-emphasized that this is no longer a concern for Okta users. The bug has been fixed. Unfortunately, it existed in the system for about three months, as Okta's report said the software had been affected since July until someone noticed on Oct. 30. That's a very long time for such a vulnerability to be present, but it's unclear at this point if anyone was negatively affected by it.

  • 文章

    753

  • 浏览

    93658

  • 获赞

    78485

赞一个、收藏了!

分享给朋友看看这篇文章

相关标签

热门推荐