Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://cyberplace.social/users/GossiTheDog/statuses/113410416161296115">Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 02-Nov-2024 09:00:36 JST</a><a href="https://cyberplace.social/@GossiTheDog" title="gossithedog@cyberplace.social"><img src="https://gnusocial.jp/avatar/38360-48-20240926225417.webp" width="48" height="48" alt="Kevin Beaumont" style="position: absolute; left: 0; top: 0;">Kevin Beaumont</a></section><article><p>Remember a few weeks ago when Okta dropped a critical auth bypass vuln they’d been aware of for weeks on a Friday at 11pm? </p><p>Well, they’re back again with another auth bypass dropped on a Friday at 11pm <a href="https://infosec.exchange/@SecureOwl/113409933398662230" rel="nofollow noreferrer">https://infosec.exchange/@SecureOwl/113409933398662230</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3921156#notice-7661560">In conversation</a><time datetime="2024-11-02T09:00:36+09:00" title="Saturday, 02-Nov-2024 09:00:36 JST">about a month ago</time> <span>from <span><a href="https://cyberplace.social/@GossiTheDog/113410416161296115" rel="external" title="Sent from cyberplace.social via ActivityPub">cyberplace.social</a></span></span><a href="https://cyberplace.social/@GossiTheDog/113410416161296115">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://infosec.exchange/@SecureOwl/113409933398662230">Mike Sheward (@SecureOwl@infosec.exchange)</a></h5><div> from <span>Mike Sheward</span></div></header><div>Okta is really getting into the habit of dropping these gems on a Friday afternoon, and I'm starting to get a bit concerned."We have discovered and resolved a vulnerability in Okta AD/LDAP DelAuth. For Okta orgs without MFA sign-on policies, and using accounts with usernames of 52 characters or more, this could allow users to authenticate by providing only the username, regardless of the password entered."</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kevin Beaumont (gossithedog@cyberplace.social)'s status on Saturday, 02-Nov-2024 09:00:36 JST Kevin Beaumont
Remember a few weeks ago when Okta dropped a critical auth bypass vuln they’d been aware of for weeks on a Friday at 11pm?
Well, they’re back again with another auth bypass dropped on a Friday at 11pm https://infosec.exchange/@SecureOwl/113409933398662230
In conversationabout a month ago from cyberplace.socialpermalink
Attachments
1. No result found on File_thumbnail lookup.
  Mike Sheward (@SecureOwl@infosec.exchange)
  from Mike Sheward
  Okta is really getting into the habit of dropping these gems on a Friday afternoon, and I'm starting to get a bit concerned. "We have discovered and resolved a vulnerability in Okta AD/LDAP DelAuth. For Okta orgs without MFA sign-on policies, and using accounts with usernames of 52 characters or more, this could allow users to authenticate by providing only the username, regardless of the password entered."

Public

Embed Notice

HTML Code

Corresponding Notice