In a new security advisory, Okta has revealed that its systems had a vulnerability that allowed people to log into an account without providing the correct password. If the account had a username with 52 characters or more, Okta bypassed password authentication.
In addition, its systems had to detect “stored cache keys” of previous successful authentications, meaning the account owner had to have a previous history of logging in using that browser. According to a notice the company sent to its users, it also did not affect organizations that require multi-factor authentication.
Still, a 52-character username is easier to guess than a random password — it could be as simple as a person’s email address containing their full name along with their organization’s website domain.
The company has acknowledged that the vulnerability was introduced as part of a standard update released on July 23, 2024, and that it discovered (and fixed) the issue only on October 30. It is now advising customers who meet all of the vulnerability’s conditions to check their access logs over the past few months.
Okta provides software that makes it easy for companies to add authentication services to their applications. For organizations with multiple apps, it gives users access to a single, unified log-in so they don’t have to verify their identity for each application.
The company did not say whether it knew of anyone affected by this specific issue, but promised that it would “communicate with customers more quickly” than in the past when the threat group Lapsus$ accessed some users’ accounts.
While the use of generative AI in games seems almost inevitable, as this medium has always toyed with new ways to make enemies and NPCs smarter and more realistic, watching several NVIDIA ACE demos back to back really gave me stomach pain.
It wasn’t just slightly smarter enemy AI – ACE can create entire conversations out of thin air, simulate voices and try to give NPCs a sense of personality. It’s also doing this locally on your PC, powered by NVIDIA’s RTX GPUs. But while this all might sound good on paper, I hated nearly every second I saw the AI NPCs in action.