Okta, a digital security management company, has fixed a unusual bug in its software that could have allowed bad actors to log into accounts without entering passwords. The bug, which was present for approximately three months, would allow users to authenticate using only their username if it was 52 characters or longer.
According to Okta’s report, the vulnerability existed since July and was not discovered until October 30. While the company has confirmed that no one was negatively affected by the bug, its duration is concerning. The fix was posted on Okta’s website as a precautionary measure to ensure user security.
Source: https://mashable.com/article/okta-52-character-username-bug-fixed