Okta (OKTA) announced that on October 30 it internally identified a vulnerability in how the cache key for AD/LDAP DelAuth was generated. The company said: “The Bcrypt algorithm was used to generate the cache key where we hash a combined string of userId + username + password. Under a specific set of conditions, this could allow users to authenticate by providing the username with the stored cache key of a previous successful authentication…. This vulnerability was resolved in Okta’s production environment on October 30.”
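A design check for any key built the way the statement describes, added here as an example and not Okta's code: bcrypt hashes at most the first 72 bytes of its input, so when fields are concatenated ahead of the password, a long enough prefix leaves no password bytes in the hashed input. The statement does not spell out its conditions; every function name and sample value below is hypothetical or constructed, `bcrypt_window` models only the truncation, and the PBKDF2 construction is one possible alternative.

```python
import hashlib

BCRYPT_MAX_INPUT = 72  # bcrypt hashes at most the first 72 bytes of its input


def combined_input(user_id: str, username: str, password: str) -> bytes:
    """The concatenation quoted above: userId + username + password."""
    return (user_id + username + password).encode("utf-8")


def bcrypt_window(data: bytes) -> bytes:
    """Models only bcrypt's input truncation, not the hash itself."""
    return data[:BCRYPT_MAX_INPUT]


def password_bytes_hashed(user_id: str, username: str, password: str) -> int:
    """Number of password bytes that fall inside bcrypt's 72-byte window."""
    prefix_len = len((user_id + username).encode("utf-8"))
    pw_len = len(password.encode("utf-8"))
    return max(0, min(pw_len, BCRYPT_MAX_INPUT - prefix_len))


def length_prefixed_key(salt: bytes, user_id: str, username: str, password: str) -> str:
    """Hypothetical alternative: PBKDF2-HMAC-SHA256 over length-prefixed
    fields, so every byte of every field affects the resulting key."""
    material = b""
    for field in (user_id, username, password):
        raw = field.encode("utf-8")
        material += len(raw).to_bytes(4, "big") + raw
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000).hex()


# Constructed sample values, not taken from the page.
USER_ID = "uid-constructed-0001"            # 20 bytes
LONG_NAME = "a" * 40 + "@example.com"       # 52 bytes: prefix fills the window
SHORT_NAME = "alice@example.com"            # 17 bytes
SALT = b"constructed-salt"

if __name__ == "__main__":
    for name in (SHORT_NAME, LONG_NAME):
        n = password_bytes_hashed(USER_ID, name, "correct horse")
        print(f"{len(name):2d}-byte username: {n} password bytes reach bcrypt")
    same = bcrypt_window(combined_input(USER_ID, LONG_NAME, "correct horse")) == \
        bcrypt_window(combined_input(USER_ID, LONG_NAME, "something else"))
    print("bcrypt input identical for two passwords:", same)
```

Running `password_bytes_hashed` over the longest identifiers a directory allows shows whether a bcrypt-based key can ever lose the password; length-prefixing each field also keeps adjacent fields from blurring into one another.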

