Okta discovered a security vulnerability affecting accounts with usernames 52 characters or longer, potentially allowing unauthorized access without multi-factor authentication. Exploitation depended on specific conditions, such as a previously successful login and an unreachable AD/LDAP agent. Okta fixed the bug on October 30 and advised users to check logs for suspicious activity and implement MFA.