A vulnerability in Okta's AD/LDAP DelAuth was identified on October 30, 2024, allowing users to authenticate using only the username if it exceeds 52 characters and a cache key was previously generated. The issue was resolved the same day by switching cryptographic algorithm from bcrypt to PBKDF2.
