GNU social JP

An email from Okta regarding a resolved security vulnerability in Okta AD/LDAP DelAuth. It states that accounts with usernames of 52 characters or more, without MFA policies, could allow authentication using only the username.

Download link

https://know.me.uk/system/media_attachments/files/113/419/220/589/532/633/original/cc8b4b71dbc6beb2.jpeg

Notices where this attachment appears

  1. V is for... (vmodifiedmind@know.me.uk)'s status on Saturday, 09-Nov-2024 05:34:44 JST

    Sure there’s a great reason why the code was written such that, regardless of the length of username you may allow, some length can magically skip the password phase.

    And these are the companies people sit in the middle doing SSO and MFA with. Or in other words, they’re a bloody vulnerability you’re adding to your stack that you thought was helping you with identity and security management.


GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.