May 30, 2024 at 11:53AM
Okta, an identity management service provider, is warning of credential-stuffing attacks against the cross-origin authentication feature of its Customer Identity Cloud. The company has published guidance for detecting and mitigating the attacks, including reviewing tenant event logs for specific event types and enabling breached password detection. Further defensive measures include passwordless authentication, strong password requirements, and multifactor authentication.
Okta has reported two instances of credential-stuffing attacks targeting its Customer Identity Cloud (CIC) authentication offering. The attacks were directed at the cross-origin authentication feature, part of Okta's Cross-Origin Resource Sharing (CORS) functionality, which lets JavaScript running in a browser on one origin authenticate against tenant endpoints on a different origin. Because that login endpoint is reachable directly from a browser client, an attacker can script it to try large lists of stolen username and password pairs at speed, which is exactly what credential stuffing is.
Okta has notified affected customers and provided guidance for mitigation and prevention. Customers using cross-origin authentication should review their tenant logs for the event types "fcoa" (failed cross-origin authentication), "scoa" (successful cross-origin authentication), and "pwd_leak" (a login attempted with a password known to be leaked) to determine whether they were targeted. A burst of "fcoa" events spread across many different usernames from the same source is the typical stuffing signature, and any "scoa" or "pwd_leak" event for an account in that burst marks a credential pair that worked. Customers are also advised to restrict the permitted origins for cross-origin authentication, removing any that are unused, and to enable breached password detection for affected tenants.
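As an added illustration of the log review described above (this is example code written for this page, not Okta's tooling), the script below parses newline-delimited JSON records shaped like exported tenant log events, keeps only the three indicator event types, groups them by source IP, and flags IPs showing the stuffing pattern: many failures spread over many distinct usernames, or any leaked-password login. The sample records, the field names (`type`, `ip`, `user_name`), and the thresholds are constructed assumptions for the demonstration; adapt them to your tenant's export format.

```python
import json
from collections import defaultdict

# Event types Okta's guidance says to look for in CIC tenant logs.
INDICATORS = {
    "fcoa": "failed cross-origin authentication",
    "scoa": "successful cross-origin authentication",
    "pwd_leak": "login attempted with a password known to be leaked",
}

# Constructed sample: JSON lines shaped like exported tenant log events, reduced
# to the fields this triage uses. Made up for illustration, not real data.
SAMPLE_LOG_LINES = """\
{"date": "2024-05-27T10:00:01Z", "type": "fcoa", "ip": "203.0.113.10", "user_name": "alice@example.com"}
{"date": "2024-05-27T10:00:02Z", "type": "fcoa", "ip": "203.0.113.10", "user_name": "bob@example.com"}
{"date": "2024-05-27T10:00:03Z", "type": "fcoa", "ip": "203.0.113.10", "user_name": "carol@example.com"}
{"date": "2024-05-27T10:00:04Z", "type": "fcoa", "ip": "203.0.113.10", "user_name": "dave@example.com"}
{"date": "2024-05-27T10:00:05Z", "type": "fcoa", "ip": "203.0.113.10", "user_name": "erin@example.com"}
{"date": "2024-05-27T10:00:06Z", "type": "fcoa", "ip": "203.0.113.10", "user_name": "grace@example.com"}
{"date": "2024-05-27T10:00:07Z", "type": "scoa", "ip": "203.0.113.10", "user_name": "frank@example.com"}
{"date": "2024-05-27T10:05:00Z", "type": "fcoa", "ip": "198.51.100.7", "user_name": "alice@example.com"}
{"date": "2024-05-27T10:05:20Z", "type": "fcoa", "ip": "198.51.100.7", "user_name": "alice@example.com"}
{"date": "2024-05-27T10:05:40Z", "type": "s", "ip": "198.51.100.7", "user_name": "alice@example.com"}
{"date": "2024-05-27T11:00:00Z", "type": "pwd_leak", "ip": "192.0.2.5", "user_name": "bob@example.com"}
"""


def parse_log_lines(text):
    """Parse newline-delimited JSON log records, skipping blank or malformed lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a truncated export line should not abort the whole review
    return records


def triage(records, fail_threshold=5, user_threshold=3):
    """Group indicator events by source IP and flag credential-stuffing patterns.

    An IP is flagged when it produced at least `fail_threshold` fcoa events spread
    over at least `user_threshold` distinct usernames (many accounts, few tries
    each: the stuffing signature), or when it triggered any pwd_leak event.
    Any scoa or pwd_leak from a flagged IP names an account whose password
    should be rotated. The thresholds are illustrative assumptions, not Okta's.
    """
    per_ip = defaultdict(lambda: {"fcoa": 0, "scoa": 0, "pwd_leak": 0,
                                  "users": set(), "hit_users": set()})
    for rec in records:
        etype = rec.get("type")
        if etype not in INDICATORS:
            continue  # ordinary logins and other events are not indicators here
        stats = per_ip[rec.get("ip", "unknown")]
        stats[etype] += 1
        user = rec.get("user_name", "")
        stats["users"].add(user)
        if etype in ("scoa", "pwd_leak"):
            stats["hit_users"].add(user)

    findings = {}
    for ip, stats in per_ip.items():
        spraying = (stats["fcoa"] >= fail_threshold
                    and len(stats["users"]) >= user_threshold)
        if spraying or stats["pwd_leak"]:
            findings[ip] = {
                "fcoa": stats["fcoa"],
                "scoa": stats["scoa"],
                "pwd_leak": stats["pwd_leak"],
                "distinct_users": len(stats["users"]),
                "accounts_to_reset": sorted(stats["hit_users"]),
            }
    return findings


if __name__ == "__main__":
    for ip, finding in triage(parse_log_lines(SAMPLE_LOG_LINES)).items():
        print(ip, finding)
```

Run against the constructed sample, the script flags 203.0.113.10 (six failures across seven usernames plus one success for frank@example.com) and 192.0.2.5 (a leaked-password attempt against bob@example.com), while 198.51.100.7, a single user mistyping a password twice, is left alone. The `accounts_to_reset` list is the actionable output: those are the users whose passwords a credential-stuffing attacker has demonstrably validated.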
To defend against credential-stuffing attacks, Okta recommends enrolling users in passwordless, phishing-resistant authentication, with passkeys as the most secure option. For organizations that still use passwords, it suggests preventing users from choosing weak passwords, setting a minimum password length of 12 characters, and disallowing passwords that contain parts of the username. Multifactor authentication (MFA) is also recommended, since a stuffed password alone then no longer yields a session.
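The following is an added example, not Okta's code, of the two password rules stated above: a minimum length of 12 characters and no fragments of the username in the password. The username-splitting rule (splitting the local part of an e-mail address on dots, underscores, hyphens and plus signs, and ignoring fragments shorter than three characters so that single letters do not reject every password) is an assumption made for this illustration.

```python
import re

MIN_LENGTH = 12  # the minimum length Okta's guidance recommends


def username_parts(username, min_part_len=3):
    """Return the lower-cased fragments of a username that must not appear in a password.

    'john.doe@example.com' yields {'john', 'doe', 'johndoe', 'john.doe'}.
    Fragments shorter than `min_part_len` are dropped (an assumption for this
    example) so that a one-letter initial does not reject every password.
    """
    local = username.split("@", 1)[0].lower()
    separators = r"[._\-+]"
    fragments = set(re.split(separators, local))
    fragments.add(local)                          # the whole local part as typed
    fragments.add(re.sub(separators, "", local))  # and with separators removed
    return {f for f in fragments if len(f) >= min_part_len}


def check_password(password, username):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    lowered = password.lower()
    for fragment in sorted(username_parts(username)):
        if fragment in lowered:
            problems.append(f"contains username fragment '{fragment}'")
    return problems


if __name__ == "__main__":
    for pw, user in [("JohnDoe2024!!", "john.doe@example.com"),
                     ("Tr0ub4dor&3", "alice"),
                     ("correct horse battery staple", "john.doe@example.com")]:
        print(repr(pw), "->", check_password(pw, user) or "ok")
```

The check is case-insensitive on purpose: "JohnDoe2024!!" is long enough but still fails because "john", "doe" and "johndoe" all appear in it, which is precisely the kind of guessable construction a stuffing list from another breach is likely to contain.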
Additionally, Okta advises that tenants not using cross-origin authentication disable its endpoints, which removes the attack surface entirely. Where a credential-stuffing attack has succeeded against an account, Okta stresses that the compromised password should be changed immediately.