Okta warns of credential stuffing attacks targeting its CORS feature

May 29, 2024 at 11:48AM

Okta warns of ongoing credential stuffing attacks that have targeted the cross-origin authentication feature of its Customer Identity Cloud (CIC) since April. The company has identified affected endpoints and advised customers to review logs for specific events, rotate compromised user credentials, and implement passwordless, phishing-resistant authentication. Okta is offering further support through its Customer Support and community forums.

Key takeaways:

1. Okta has warned about targeted credential stuffing attacks on its Customer Identity Cloud (CIC) feature, with attacks identified since April 15, 2024.

2. The credential stuffing attacks are targeting endpoints using CIC’s cross-origin authentication feature.

3. Okta has notified affected customers and provided remediation guidance for securing their accounts.

4. Admins are recommended to check logs for specific events indicating cross-origin authentication and login attempts using leaked credentials.

5. Okta suggests several mitigations, including rotating compromised user credentials, implementing passwordless and phishing-resistant authentication, enforcing strong password policies, and disabling cross-origin authentication if not used.

6. Okta is also advising customers to remove permitted cross-origin devices that are not in use, restrict permitted origins for cross-origin authentication if necessary, and consider enabling breached password detection or Credential Guard.

7. Customers needing further assistance can contact Okta’s Customer Support or use its community forums for support.
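
The log review in item 4 can be scripted. The following is an added example, not code from Okta or from the original article: it triages a tenant log export for the Auth0 event type codes `fcoa` (failed cross-origin authentication), `scoa` (successful cross-origin authentication) and `pwd_leak` (login attempt with a breached password). Assumptions: the codes are not named on this page, the one-JSON-object-per-line layout with `type`, `ip` and `user_name` fields is a simplified stand-in for a real export, and the threshold of three distinct failed accounts per IP is arbitrary.

```python
import json
from collections import defaultdict

# Constructed sample export, one JSON event per line (documentation IP ranges, fake users).
SAMPLE_LOGS = """\
{"date":"2024-04-20T10:00:01Z","type":"fcoa","ip":"203.0.113.7","user_name":"alice@example.com"}
{"date":"2024-04-20T10:00:02Z","type":"fcoa","ip":"203.0.113.7","user_name":"bob@example.com"}
{"date":"2024-04-20T10:00:03Z","type":"fcoa","ip":"203.0.113.7","user_name":"carol@example.com"}
{"date":"2024-04-20T10:00:04Z","type":"scoa","ip":"203.0.113.7","user_name":"dave@example.com"}
{"date":"2024-04-20T11:15:00Z","type":"fcoa","ip":"198.51.100.4","user_name":"erin@example.com"}
{"date":"2024-04-20T11:15:30Z","type":"scoa","ip":"198.51.100.4","user_name":"erin@example.com"}
{"date":"2024-04-20T12:00:00Z","type":"pwd_leak","ip":"192.0.2.9","user_name":"frank@example.com"}
truncated line {
"""

FCOA, SCOA, PWD_LEAK = "fcoa", "scoa", "pwd_leak"  # assumed event type codes


def triage(log_text, min_failed_users=3):
    """Return {ip: finding} for IPs that look like credential stuffing sources."""
    per_ip = defaultdict(lambda: {FCOA: set(), SCOA: set(), PWD_LEAK: set()})
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or malformed lines instead of aborting the review
        if not isinstance(ev, dict) or ev.get("type") not in (FCOA, SCOA, PWD_LEAK):
            continue
        per_ip[ev.get("ip", "unknown")][ev["type"]].add(ev.get("user_name", ""))

    findings = {}
    for ip, seen in per_ip.items():
        # Many *distinct* accounts failing from one IP is the stuffing signature;
        # one user mistyping a password repeatedly is not.
        spraying = len(seen[FCOA]) >= min_failed_users
        if not spraying and not seen[PWD_LEAK]:
            continue
        # Rotate credentials for accounts that logged in successfully from a
        # spraying IP, and for any account where a breached password was used.
        rotate = (seen[SCOA] if spraying else set()) | seen[PWD_LEAK]
        findings[ip] = {"distinct_failed_users": len(seen[FCOA]),
                        "rotate": sorted(rotate)}
    return findings


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOGS), indent=2))
```

A per-IP view misses attacks spread across many source addresses, so treat an empty result as inconclusive rather than as a clean bill of health.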
