Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://know.me.uk/users/VModifiedMind/statuses/113419225767497584">V is for... (vmodifiedmind@know.me.uk)'s status on Saturday, 09-Nov-2024 05:34:44 JST</a><a href="https://know.me.uk/@VModifiedMind" title="vmodifiedmind@know.me.uk"><img src="https://gnusocial.jp/avatar/40531-48-20240819094015.webp" width="48" height="48" alt="V is for..." style="position: absolute; left: 0; top: 0;">V is for...</a></section><article><p>Sure there’s a great reason why the code was written such that regardless of length of username you may allow some length can magically skip the password phase. </p><p>And these are the companies people sit in the middle doing SSO and MFA with. Or in other words. They’re a bloody vulnerability you’re adding to your stack you thought were helping you with identity and security management.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3965285#notice-7746004">In conversation</a><time datetime="2024-11-09T05:34:44+09:00" title="Saturday, 09-Nov-2024 05:34:44 JST">about 6 months ago</time> <span>from <span><a href="https://know.me.uk/@VModifiedMind/113419225767497584" rel="external" title="Sent from know.me.uk via ActivityPub">know.me.uk</a></span></span><a href="https://know.me.uk/@VModifiedMind/113419225767497584">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/3444164">An email from Okta regarding a resolved security vulnerability in Okta AD/LDAP DelAuth. It states that accounts with usernames of 52 characters or more, without MFA policies, could allow authentication using only the username.</a></label><br><a href="https://know.me.uk/system/media_attachments/files/113/419/220/589/532/633/original/cc8b4b71dbc6beb2.jpeg" rel="external">https://know.me.uk/system/media_attachments/files/113/419/220/589/532/633/original/cc8b4b71dbc6beb2.jpeg</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
V is for... (vmodifiedmind@know.me.uk)'s status on Saturday, 09-Nov-2024 05:34:44 JST V is for...
Sure there’s a great reason why the code was written such that regardless of length of username you may allow some length can magically skip the password phase.
And these are the companies people sit in the middle doing SSO and MFA with. Or in other words. They’re a bloody vulnerability you’re adding to your stack you thought were helping you with identity and security management.
In conversationabout 6 months ago from know.me.ukpermalink
Attachments
1. An email from Okta regarding a resolved security vulnerability in Okta AD/LDAP DelAuth. It states that accounts with usernames of 52 characters or more, without MFA policies, could allow authentication using only the username.
  https://know.me.uk/system/media_attachments/files/113/419/220/589/532/633/original/cc8b4b71dbc6beb2.jpeg

Public

Embed Notice

HTML Code

Corresponding Notice