Okta, a prominent identity and access management provider, has been found to be vulnerable to an authorization bypass flaw. This vulnerability, which has been patched, allows attackers to gain unauthorized access to restricted resources, potentially compromising sensitive user data. The vulnerability stems from Okta’s AD/LDAP delegated authentication mechanism, which allows users to authenticate with a username longer than 52 characters. Attackers could exploit this by crafting specially designed usernames, effectively bypassing authentication checks and gaining access to resources without proper authorization. This incident highlights the importance of robust security practices, including thorough vulnerability assessments and timely patching of identified flaws.
The latest update to the Steam platform requires game developers to disclose kernel-level anti-cheat usage on their store pages. This transparency measure is meant to enhance user awareness and potentially improve the security of the gaming environment. Kernel-level anti-cheat software runs at a privileged level, making it more powerful but also posing a greater security risk as it has deeper access to the system. This new disclosure policy will enable users to make more informed decisions about which games they purchase and play on Steam. It is important for gamers to consider the security implications of kernel-level anti-cheat and potentially avoid games using such software, especially on platforms like Steam Deck or desktop Linux. While anti-cheat software aims to prevent cheating and promote fair play, its reliance on kernel access introduces complexities and potential security vulnerabilities.
Cisco’s Unified Industrial Wireless Software for Ultra-Reliable Wireless Backhaul (URWB) Access Points has been found to contain a critical command injection vulnerability. This vulnerability, tracked as CVE-2024-39123, allows unauthenticated attackers to execute commands with root privileges on affected systems. The flaw stems from insufficient validation within the web-based management interface, making it susceptible to malicious HTTP requests. Successful exploitation of this vulnerability could grant attackers complete control over the targeted device, posing significant risks to networked devices and potentially disrupting critical operations. Cisco has released a software update to address the issue, and users are urged to upgrade immediately to mitigate potential impacts.