Okta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is vulnerable to credential stuffing attacks orchestrated by threat actors.
“We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing for a number of our customers,” the identity and access management (IAM) services provider said.
The suspicious activity commenced on April 15, 2024, with the company noting that it “proactively” informed customers that had the feature enabled. It did not disclose how many customers were impacted by the attacks.
Credential stuffing is a type of cyber attack in which adversaries attempt to sign in to online services using an already available list of usernames and passwords obtained either from previous data breaches, or from phishing and malware campaigns.
As recommended actions, users are being asked to review tenant logs for any signs of unexpected login events – failed cross-origin authentication (fcoa), success cross-origin authentication (scoa), and breached password (pwd_leak) – rotate credentials, and restrict or disable cross-origin authentication for tenants.
Tenants are likely to have been targeted in a credential stuffing attack, regardless of whether cross-origin authentication is used or not, if scoa or fcoa events are present in event logs and if there is a rise in the failure-to-success events.
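The log review described above can be scripted. The following is an added example, not code from Okta or from the original article: it counts fcoa, scoa and pwd_leak events per hour and flags hours where the failure-to-success ratio rises well above a baseline period. The JSON field names (`type`, `date`, `ip`, `user_name`), the thresholds and the sample events are assumptions constructed for illustration.

```python
import json
from collections import Counter, defaultdict

WATCHED = {"fcoa", "scoa", "pwd_leak"}  # event codes named in the advisory

def _ev(date, etype, ip, user):
    """Build one constructed log line (field names are assumed)."""
    return json.dumps({"date": date, "type": etype, "ip": ip, "user_name": user})

# Constructed sample: a quiet baseline hour, then a burst of failures.
SAMPLE = (
    [_ev(f"2024-04-14T09:0{i}:00Z", "scoa", "198.51.100.7", f"user{i}@example.com") for i in range(4)]
    + [_ev("2024-04-14T09:30:00Z", "fcoa", "198.51.100.7", "user1@example.com")]
    + [_ev(f"2024-04-15T02:1{i}:00Z", "fcoa", "203.0.113.50", f"acct{i}@example.com") for i in range(6)]
    + [_ev("2024-04-15T02:20:00Z", "scoa", "203.0.113.50", "acct3@example.com"),
       _ev("2024-04-15T02:21:00Z", "pwd_leak", "203.0.113.50", "acct4@example.com"),
       "not-json"]  # malformed line, must be skipped
)

def hourly_counts(lines):
    """Count watched event types per UTC hour, skipping malformed lines."""
    buckets = defaultdict(Counter)
    for line in lines:
        try:
            ev = json.loads(line)
            etype, hour = str(ev["type"]), ev["date"][:13]  # e.g. 2024-04-15T02
        except (ValueError, KeyError, TypeError):
            continue
        if etype in WATCHED:
            buckets[hour][etype] += 1
    return dict(buckets)

def flag_hours(buckets, baseline_hours, factor=3.0, min_failures=3):
    """Return hours whose fcoa:scoa ratio exceeds factor x the baseline ratio."""
    base_f = sum(buckets[h]["fcoa"] for h in baseline_hours if h in buckets)
    base_s = sum(buckets[h]["scoa"] for h in baseline_hours if h in buckets)
    threshold = factor * max(base_f / max(base_s, 1), 0.1)  # floor avoids a zero baseline
    flagged = []
    for hour in sorted(buckets):
        if hour in baseline_hours:
            continue
        c = buckets[hour]
        ratio = c["fcoa"] / max(c["scoa"], 1)
        if c["fcoa"] >= min_failures and ratio > threshold:
            flagged.append((hour, c["fcoa"], c["scoa"], c["pwd_leak"]))
    return flagged

if __name__ == "__main__":
    for row in flag_hours(hourly_counts(SAMPLE), {"2024-04-14T09"}):
        print("hour=%s fcoa=%d scoa=%d pwd_leak=%d" % row)
```

A successful login (scoa) or pwd_leak event inside a flagged hour is the account to prioritise for credential rotation.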
Other mitigations include enabling breached password detection or Credential Guard, prohibiting users from choosing weak passwords, and enrolling them in passwordless, phishing-resistant authentication using new standards such as passkeys.
The development comes a month after the company warned of an uptick in the “frequency and scale” of credential stuffing attacks aimed at online services, facilitated by residential proxy services.