Crypto M - Crypto News
@cryptom
2.08K subscribers
15.9K photos
194 links
Your #1 destination for the latest and most unbiased market news on Bitcoin, Ethereum, NFT, Fintech, Web3, DeFi, and Blockchain.
Download Telegram
About
Blog
Apps
Platform
Join
Crypto M - Crypto News
2.08K subscribers
Crypto M - Crypto News
🚀 Okta Addresses Vulnerability Allowing Username Bypass

According to Foresight News, SlowMist's Chief Information Security Officer 23pds reported that Okta allowed any username exceeding 52 characters to bypass login.

Additionally, identity and access management software provider Okta announced that on October 30, an internal vulnerability was discovered while generating cache keys for AD/LDAP DelAuth. The Bcrypt algorithm was used to generate cache keys by hashing a combination string of userId, username, and password. Under specific conditions, this could allow users to authenticate by providing a stored cache key from a previously successful authentication. The prerequisite for this vulnerability was that the username must be equal to or exceed 52 characters each time a cache key was generated for the user. The affected products and versions were Okta AD/LDAP DelAuth up to July 23, 2024. This vulnerability was resolved in Okta's production environment on October 30, 2024.

#Okta #Vulnerability #UsernameBypass #IdentityManagement #AccessManagement #CyberSecurity #ForesightNews #SlowMist #Bcrypt #Authentication #ADLDAP #DelAuth
44 views
Crypto M - Crypto News
🚀 Security Breach at Bedrock UniBTC Protocol Uncovered

According to PANews, Web3 security and analytics firm FuzzLand recently revealed a security incident involving the Bedrock UniBTC protocol. The breach was orchestrated by a former employee who exploited internal access and advanced persistent threat techniques to steal sensitive system information over a three-week period, ultimately leading to an attack on the protocol. The incident was triggered by unauthorized access to intelligence related to a Dedaub vulnerability report.

FuzzLand has compensated the affected parties and is collaborating with security companies and law enforcement agencies to investigate the breach. The company assured that customer data remains unaffected and shared insights from the incident. FuzzLand urged the crypto community to enhance supply chain security, access management, and employee identity verification to collectively strengthen industry defenses.

#SecurityBreach #BedrockUniBTC #Web3 #FuzzLand #CryptoSecurity #DataProtection #AccessManagement #SupplyChainSecurity #EmployeeVerification #DedaubVulnerability #BTC
13 views