
Months of logging in without a password at Okta

Berry Zwets, Nov 4, 2024, 7:46 AM UTC

For three months, the identity and access management service Okta allowed users to access accounts using only a username.

The vulnerability, which had been active since July, was identified in late October. The issue was in AD/LDAP Delegated Authentication. LDAP is a protocol for accessing stored usernames, passwords, e-mail addresses, and other data within directories. Okta uses LDAP to let users log in by accessing credentials from an organization’s Active Directory or Windows networked single sign-on system.

At least 52 characters

For three months, the vulnerability allowed access to accounts with usernames of at least 52 characters. While this is an unusually long username, it does occur in practice. Access without a password was possible in certain situations, such as agent downtime and high network traffic.

The problem occurred in the cache key generation process, in which an algorithm hashes a combination of userID, username, and password. Retaining cached keys from previous successful login sessions allowed access with a longer username, provided the authentication request was associated with a cached key from previous sessions.

The vulnerability has since been fixed by using a different algorithm for the hashing process. However, Okta recommends implementing additional security measures, such as multi-factor authentication, to better prevent security problems now and in the future.
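The cache-key failure and its fix, as an added Python example that is not Okta's code and is not from the article. It assumes the original hash ignored input beyond 72 bytes (bcrypt's known limit; the article does not name the algorithm), a constructed 20-character user ID, and hypothetical names such as `OfflineAuthCache`; the hardened variant uses PBKDF2 over length-prefixed fields.

```python
import hashlib
import hmac

INPUT_LIMIT = 72  # assumption: the hash ignores input past 72 bytes (bcrypt's known cap)

def _fields(user_id, username, password):
    return [f.encode("utf-8") for f in (user_id, username, password)]

def truncating_key(user_id, username, password):
    """Weak form: plain concatenation fed to a hash that drops the tail."""
    material = b"".join(_fields(user_id, username, password))
    return hashlib.sha256(material[:INPUT_LIMIT]).hexdigest()

def framed_key(user_id, username, password, salt=b"constructed-salt"):
    """Hardened form: length-prefixed fields, KDF with no input cap."""
    framed = b"".join(len(f).to_bytes(4, "big") + f
                      for f in _fields(user_id, username, password))
    # Iteration count kept low so the example runs quickly.
    return hashlib.pbkdf2_hmac("sha256", framed, salt, 10_000).hex()

class OfflineAuthCache:
    """Hypothetical cache consulted when the directory agent is unreachable."""
    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.keys = set()

    def record_success(self, user_id, username, password):
        self.keys.add(self.key_fn(user_id, username, password))

    def check(self, user_id, username, password):
        candidate = self.key_fn(user_id, username, password)
        return any(hmac.compare_digest(candidate, k) for k in self.keys)

def password_is_hashed(user_id, username):
    """Defender check: does any password byte fit under the input cap?"""
    return len((user_id + username).encode("utf-8")) < INPUT_LIMIT

def wrong_password_accepted(key_fn, username):
    user_id = "u" * 20                      # constructed 20-character user ID
    cache = OfflineAuthCache(key_fn)
    cache.record_success(user_id, username, "correct-password")
    return cache.check(user_id, username, "not-the-password")

LONG_NAME = "a" * 40 + "@example.com"       # constructed, 52 characters
SHORT_NAME = "alice@example.com"            # constructed, 17 characters
```

With the constructed 20-character user ID, a 52-character username fills the whole 72-byte window, so the password never reaches the weak key; `password_is_hashed` is the kind of pre-check that flags such accounts.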
