In a new security advisory, Okta has revealed that its system had a vulnerability that allowed people to log into an account without having to provide the correct password. Okta bypassed password authentication if the account had a username that had 52 or more characters. Further, its system had to detect a “stored cache key” of a previous successful authentication, which means the account’s owner had to have previous history of logging in using that browser. It also didn’t affect organizations that require multi-factor authentication, according to the
→ Continue reading at Engadget
Okta vulnerability allowed accounts with long usernames to log in without a password
