Okta Fixes Long-Undetected Auth Bypass Bug in 3-Month Lull

Okta has addressed an authentication bypass bug that affects users with long usernames, or whose employers have long domain names. The hole could have allowed cybercriminals to pass Okta AD/LDAP delegated authentication (DelAuth) using only a username, but only when certain conditions were met: a 52-character username and a previous authentication.

The vulnerability was discovered by Okta on October 30th after lurking in the system for three months. Although it has been fixed, the company recommended that customers check their logs for any unusual authentication attempts dating back to July 23rd, and advised them to implement multifactor authentication (MFA) at a minimum.
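One way to carry out that log review, as an added example that is not Okta's tooling or from the article: filter exported System Log events for successful AD/LDAP delegated authentications on or after July 23rd whose login name meets the 52-character condition (treated here as a minimum length). The JSON layout, the event type names and the year are assumptions, and the sample log lines are constructed.

```python
import json
from datetime import datetime, timezone

# Assumed (not from the article): one Okta System Log event per line as JSON with
# Okta-style field names; these event types are taken to be AD/LDAP delegated auth.
AD_AGENT = "user.authentication.auth_via_AD_agent"
LDAP_AGENT = "user.authentication.auth_via_LDAP_agent"
DELAUTH_EVENTS = {AD_AGENT, LDAP_AGENT}
MIN_USERNAME_LEN = 52  # username length condition reported in the article
REVIEW_START = datetime(2024, 7, 23, tzinfo=timezone.utc)  # "July 23rd"; year assumed

def flag_suspicious_delauth(lines, start=REVIEW_START, min_len=MIN_USERNAME_LEN):
    """Return (published, username, eventType) for every successful delegated-auth
    event on or after `start` whose username is at least `min_len` characters."""
    hits = []
    for line in lines:
        if not line.strip():          # tolerate blank lines in an export
            continue
        ev = json.loads(line)
        if ev.get("eventType") not in DELAUTH_EVENTS:
            continue
        if ev.get("outcome", {}).get("result") != "SUCCESS":
            continue
        when = datetime.fromisoformat(ev["published"].replace("Z", "+00:00"))
        if when < start:
            continue
        user = ev.get("actor", {}).get("alternateId", "")
        if len(user) >= min_len:
            hits.append((ev["published"], user, ev["eventType"]))
    return hits

def _ev(published, event_type, result, user):
    """One constructed log line (sample data for this example, not real events)."""
    return json.dumps({"published": published, "eventType": event_type,
                       "outcome": {"result": result}, "actor": {"alternateId": user}})

LONG_USER = "firstname.middlename.lastname@very-long-department-name.example"
SAMPLE_LOG = "\n".join([
    _ev("2024-08-02T10:15:00.000Z", AD_AGENT, "SUCCESS", LONG_USER),    # hit
    _ev("2024-07-01T09:00:00.000Z", AD_AGENT, "SUCCESS", LONG_USER),    # before window
    _ev("2024-09-10T12:00:00.000Z", AD_AGENT, "SUCCESS", "jdoe@example.com"),  # short name
    _ev("2024-09-11T12:00:00.000Z", LDAP_AGENT, "FAILURE", LONG_USER),  # not successful
    _ev("2024-10-01T08:30:00.000Z", "user.session.start", "SUCCESS", LONG_USER),  # not DelAuth
    _ev("2024-10-20T17:45:00.000Z", LDAP_AGENT, "SUCCESS", LONG_USER),  # hit
])

def sample_hits():
    """Run the check over the constructed sample; expected to return the two hits."""
    return flag_suspicious_delauth(SAMPLE_LOG.splitlines())
```

Hits are only candidates for review: a long username with a successful DelAuth event is exactly the condition the article describes, so each one should be confirmed against the user's expected activity and MFA status.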

It is unclear whether there were any in-the-wild exploitation attempts; Okta did not immediately respond to a request for comment from Dark Reading. The bug was found by Okta’s internal monitoring systems and was addressed before it could cause significant harm.

Source: https://www.darkreading.com/vulnerabilities-threats/okta-fixes-auth-bypass-bug-three-month-lull