Skip to content
Techzine Global
  • Home
  • Topstories
  • Topics
    • Analytics
    • Applications
    • Collaboration
    • Data Management
    • Devices
    • Devops
    • Infrastructure
    • Privacy & Compliance
    • Security
  • Insights
    • All Insights
    • Agentic AI
    • Analytics
    • Cloud ERP
    • Generative AI
    • IT in Retail
    • NIS2
    • RSAC 2025 Conference
    • Security Platforms
    • SentinelOne
  • More
    • Become a partner
    • About us
    • Contact us
    • Terms and conditions
    • Privacy Policy
  • Techzine Global
  • Techzine Netherlands
  • Techzine Belgium
  • Techzine TV
  • ICTMagazine Netherlands
  • ICTMagazine Belgium
Techzine » News » Security » Months of logging in without a password at Okta
2 min Security

Months of logging in without a password at Okta

Berry ZwetsNovember 4, 2024 8:46 amNovember 4, 2024
Months of logging in without a password at Okta

For three months, the identity and access management service Okta allowed users to access accounts using only a username.

The vulnerability, which has been active since July, was identified in late October. The issue was in AD/LDAP Delegated Authentication (LDAP), a protocol for accessing stored usernames, passwords, e-mail addresses, and other data within directories. Okta uses LDAP to let users log in by accessing credentials from an organization’s Active Directory or Windows networked single sign-on system.

At least 52 characters

The vulnerability allowed three months to access accounts with user names of at least 52 characters. While this is an unusually long number, it does occur in practice. It allowed access without a password in certain situations, such as agent downtime and high network traffic.

The problem occurred in the cache key generation process, in which an algorithm hashes a combination of userID, username, and password. Retaining cached keys from previous successful login sessions allowed access with a longer username, provided the authentication request was associated with a cached key from previous sessions.

The vulnerability has since been fixed using a different algorithm for the hashing process. However, Okta recommends implementing additional security measures, such as multi-factor authentication, to prevent security problems better now and in the future.

Tip: The security platform beckons: what is it and what does it provide?

Tags:

Active Directory / authentication / Login / Okta

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Stay tuned, subscribe!

Nieuwsbrieven*

Related

Traditional login with username and password disappears on Outlook

Okta hack shows how vulnerable digital authentication is

Zoom and Okta bring additional security to meetings

AuthID integrates Human Factor Authentication with Okta cloud

Editor picks

SimpliVity to Private Cloud AI: how HPE’s stack fits together

HPE is reshaping its entire private cloud portfolio around a single o...

Dawnguard promises true shift-left: “The only solution is to build something that isn’t vulnerable”

Cybersecurity starts at the foundation. And in many cases, that’s t...

Meta Muse Spark 1.1 closes the gap to Anthropic and OpenAI

The announcement of Grok 4.5 is less than a day old, but another AI m...

Alation serves up Semantic Model Mastering, it’s MDM for the semantic layer

Alation is the company we know for its data intelligence platform, de...

Techzine.tv

AI security threats facing open source ecosystems in 2026

AI security threats facing open source ecosystems in 2026

Solo.io reveals how to manage AI agents across any platform

Solo.io reveals how to manage AI agents across any platform

AI observability and container security with Wiz at KubeCon

AI observability and container security with Wiz at KubeCon

Buying GPUs doesn't deliver AI value, according to AWS

Buying GPUs doesn't deliver AI value, according to AWS

Read more on Security

69% of companies allow AI agents to share credentials

69% of companies allow AI agents to share credentials

69 percent of companies allow AI agents to share credentials, according to a VentureBeat survey of 107 organi...

Coen van Eenbergen 17 hours ago
KU Leuven discovers privacy leaks in popular crypto wallets

KU Leuven discovers privacy leaks in popular crypto wallets

There are hidden privacy risks in crypto wallets that run as browser extensions. Researchers from DistriNet, ...

Laura Herijgers 11 hours ago
HPE iLO Security: From remote management to quantum-safe security
Top story

HPE iLO Security: From remote management to quantum-safe security

HPE's iLO management controller is far more than a remote access tool, it is the cornerstone of server securi...

Coen van Eenbergen July 3, 2026
Dawnguard promises true shift-left: “The only solution is to build something that isn’t vulnerable”
Top story

Dawnguard promises true shift-left: “The only solution is to build something that isn’t vulnerable”

Cybersecurity starts at the foundation. And in many cases, that’s the underlying architecture or code. If i...

Sander Almekinders July 1, 2026

Expert Talks

AMD “Helios”: Building rack-scale AI Infrastructure for EMEA Enterprises

AMD “Helios”: Building rack-scale AI Infrastructure for EMEA Enterprises

AMD recently introduced the “Helios” rack-scale AI architecture, ...

Taking the right lessons from AI success stories

Taking the right lessons from AI success stories

While a lot of the current narratives around AI focus on stalled...

Why traditional security can’t protect your enterprise against AI threats

Today’s AI tools are a boon for many businesses, boosting efficienc...

Power critical workloads with all-NVMe active-active storage for non-stop enterprise operations 

Enterprise infrastructure has reached a turning point where planned d...

Tech calendar

GOTO Copenhagen 2026

September 28, 2026 TAP1, Raffinaderivej 10, 2300 København S, Denmark

Whitepapers

Experience Synology’s latest enterprise backup solution

Experience Synology’s latest enterprise backup solution

How do you ensure your company data is both secure and quickly recove...

How to choose the right Enterprise Linux platform?

How to choose the right Enterprise Linux platform?

"A Buyer's Guide to Enterprise Linux" comprehensively analyzes the mo...

Enhance your data protection strategy for 2025

The Data Protection Guide 2025 explores the essential strategies and...

Strengthen your cybersecurity with DNS best practices

The white paper "DNS Best Practices" by Infoblox presents essential g...

Techzine Global

Techzine focusses on IT professionals and business decision makers by publishing the latest IT news and background stories. The goal is to help IT professionals get acquainted with new innovative products and services, but also to offer in-depth information to help them understand products and services better.

Follow us

Twitter
LinkedIn
YouTube

© 2026 Dolphin Publications B.V.
All rights reserved.

Techzine Service

  • Become a partner
  • Advertising
  • About Us
  • Contact
  • Terms & Conditions
  • Privacy Statement