Okta has addressed a vulnerability in its login system, allowing users with usernames over 52 characters to bypass password checks under specific conditions. The issue was present since July 23rd and has now been resolved by switching the cryptographic algorithm from Bcrypt to PBKDF2. Customers whose setups meet the necessary conditions are advised to review three months of system logs.
Source: https://www.theverge.com/2024/11/1/24285874/okta-52-character-login-password-authentication-bypass