Okta Security Advisory Exploit Found via Long Username Vulnerability

Okta has issued an unusual security advisory update, revealing that under specific circumstances an attacker could log in by providing only a username, as long as a cache key from a previous successful authentication for that account was still stored. The vulnerability is related to the Bcrypt algorithm used to generate the cache key for AD/LDAP Delegated Authentication (DelAuth).

According to Okta, the exploit can occur when the AD/LDAP agent is down or under high traffic, causing DelAuth to check the cache first. The issue has been present since July 23rd and was resolved by switching the cache-key generation to a different cryptographic algorithm, PBKDF2.

Customers whose systems meet specific conditions, including usernames over 52 characters and certain authentication policy settings, should review their system logs for the preceding three months for any signs of exploitation. However, Okta has not provided further details on the issue.
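The following is an added model of the weakness described above, not Okta's code: Bcrypt processes at most 72 bytes of input, so when the material hashed into the cache key is an account identifier plus a long username, the password can fall entirely past that limit, while PBKDF2 consumes the full input. The 20-character account id and the static salt are constructed assumptions, and Bcrypt's 72-byte truncation is modelled with SHA-256 over the truncated input so the script runs without the bcrypt library (the real hash values differ; the collision behaviour is the same).

```python
import hashlib
import hmac

BCRYPT_INPUT_LIMIT = 72            # Bcrypt hashes at most 72 bytes of its input
SALT = b"constructed-static-salt"  # constructed; a real cache would use a random per-entry salt
USER_ID = "00u-constructed-id20"   # constructed 20-character account id, assumed part of the key


def concat_material(user_id: str, username: str, password: str) -> bytes:
    """Key material as concatenated credentials, measured in UTF-8 bytes (not characters)."""
    return (user_id + username + password).encode("utf-8")


def bcrypt_style_cache_key(user_id: str, username: str, password: str) -> bytes:
    """Weak pattern: everything after the 72nd byte is silently dropped before hashing."""
    material = concat_material(user_id, username, password)[:BCRYPT_INPUT_LIMIT]
    return hashlib.sha256(SALT + material).digest()  # stand-in for bcrypt's digest


def pbkdf2_cache_key(user_id: str, username: str, password: str) -> bytes:
    """Hardened pattern: PBKDF2-HMAC-SHA256 has no input limit, so every byte counts."""
    material = concat_material(user_id, username, password)
    return hashlib.pbkdf2_hmac("sha256", material, SALT, 100_000)


def password_bytes_used(user_id: str, username: str) -> int:
    """How many password bytes still influence a Bcrypt-style key; 0 means ignored."""
    prefix_len = len(concat_material(user_id, username, ""))
    return max(0, BCRYPT_INPUT_LIMIT - prefix_len)


def password_ignored(key_fn, user_id: str, username: str) -> bool:
    """True if two different passwords yield the same cached key for this username,
    i.e. a key cached from a real login would validate any password for that user."""
    k1 = key_fn(user_id, username, "correct-horse-battery-staple")
    k2 = key_fn(user_id, username, "wrong-password")
    return hmac.compare_digest(k1, k2)


if __name__ == "__main__":
    long_name = "a" * 40 + "@corp.example"  # constructed 53-character username
    for name in ("alice", long_name):
        print(f"{len(name):>2} chars: password bytes used={password_bytes_used(USER_ID, name):>2}, "
              f"bcrypt-style ignores password={password_ignored(bcrypt_style_cache_key, USER_ID, name)}, "
              f"pbkdf2 ignores password={password_ignored(pbkdf2_cache_key, USER_ID, name)}")
```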

Source: https://www.theverge.com/2024/11/1/24285874/okta-52-character-login-password-authentication-bypass