Okta warns of credential stuffing attacks targeting the cross-origin authentication feature of its Customer Identity Cloud (CIC) since April.
“Okta has determined that the cross-origin authentication feature in Customer Identity Cloud (CIC) is prone to being targeted by threat actors orchestrating credential-stuffing attacks.” reads the advisory. “For context, we observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing for a number of our customers.”
Cross-Origin Resource Sharing (CORS) is a mechanism that allows a web page to make an AJAX call using XMLHttpRequest (XHR) to a domain different from the one the script was loaded from. Such cross-domain requests would otherwise be forbidden by the browser's same-origin security policy. CORS defines a standardized way in which the browser and the server interact to determine whether the cross-origin request should be allowed.
At the end of April, Okta observed a surge in credential stuffing attacks against online services, aided by the widespread availability of residential proxy services, lists of previously compromised credentials (“combo lists”), and automation tools.
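The attack pattern described above (many accounts tried from one automated client, or one account tried from many residential-proxy addresses) shows up in authentication logs as failure patterns that a defender can hunt for. The following Python script is an added example, not code from Okta or from this article: it parses a small set of constructed log lines (the `timestamp|client_ip|endpoint|username|result` format, the endpoint path and the thresholds are all assumptions made for the example) and flags both the single-IP spraying pattern and the distributed per-account pattern.

```python
"""Flag credential-stuffing patterns in authentication logs (added example)."""
from collections import defaultdict
from dataclasses import dataclass

# Assumed, constructed placeholder path for a cross-origin authentication
# endpoint; substitute the real endpoint path from your own logs.
CROSS_ORIGIN_ENDPOINT = "/cross-origin/authenticate"

# Constructed sample log lines (not real Okta data). Assumed format:
# timestamp|client_ip|endpoint|username|result
SAMPLE_LOG_LINES = [
    # One automated client trying five different accounts: spraying pattern.
    "2024-04-28T10:00:01Z|203.0.113.10|/cross-origin/authenticate|u1@example.com|FAILURE",
    "2024-04-28T10:00:02Z|203.0.113.10|/cross-origin/authenticate|u2@example.com|FAILURE",
    "2024-04-28T10:00:03Z|203.0.113.10|/cross-origin/authenticate|u3@example.com|FAILURE",
    "2024-04-28T10:00:04Z|203.0.113.10|/cross-origin/authenticate|u4@example.com|FAILURE",
    "2024-04-28T10:00:05Z|203.0.113.10|/cross-origin/authenticate|u5@example.com|FAILURE",
    # One account tried from rotating (proxy-like) addresses, then a success.
    "2024-04-28T10:01:00Z|198.51.100.1|/cross-origin/authenticate|victim@example.com|FAILURE",
    "2024-04-28T10:01:30Z|198.51.100.2|/cross-origin/authenticate|victim@example.com|FAILURE",
    "2024-04-28T10:02:00Z|198.51.100.3|/cross-origin/authenticate|victim@example.com|FAILURE",
    "2024-04-28T10:02:30Z|198.51.100.4|/cross-origin/authenticate|victim@example.com|SUCCESS",
    # A legitimate user who mistyped once: must not be flagged.
    "2024-04-28T10:03:00Z|192.0.2.50|/cross-origin/authenticate|carol@example.com|FAILURE",
    "2024-04-28T10:03:10Z|192.0.2.50|/cross-origin/authenticate|carol@example.com|SUCCESS",
    # Traffic to a non-authentication endpoint is ignored by both detectors.
    "2024-04-28T10:04:00Z|192.0.2.51|/api/v1/profile|carol@example.com|SUCCESS",
]


@dataclass
class Event:
    ts: str
    ip: str
    endpoint: str
    user: str
    ok: bool


def parse_line(line: str) -> Event:
    """Split one pipe-delimited log line into an Event."""
    ts, ip, endpoint, user, result = line.strip().split("|")
    return Event(ts, ip, endpoint, user, result == "SUCCESS")


def parse_log(lines):
    return [parse_line(line) for line in lines if line.strip()]


def find_spraying_ips(events, min_users=5, min_failure_ratio=0.8):
    """Flag IPs that try many distinct accounts and almost always fail."""
    per_ip = defaultdict(list)
    for e in events:
        if e.endpoint == CROSS_ORIGIN_ENDPOINT:
            per_ip[e.ip].append(e)
    flagged = {}
    for ip, evs in per_ip.items():
        users = {e.user for e in evs}
        ratio = sum(1 for e in evs if not e.ok) / len(evs)
        if len(users) >= min_users and ratio >= min_failure_ratio:
            flagged[ip] = {"distinct_users": len(users), "failure_ratio": round(ratio, 2)}
    return flagged


def find_targeted_accounts(events, min_ips=3):
    """Flag accounts that fail from many source IPs (proxy rotation pattern),
    and record whether a success followed those failures."""
    failing_ips = defaultdict(set)
    success_after = defaultdict(bool)
    for e in sorted(events, key=lambda ev: ev.ts):  # ISO timestamps sort lexically
        if e.endpoint != CROSS_ORIGIN_ENDPOINT:
            continue
        if e.ok:
            if failing_ips[e.user]:
                success_after[e.user] = True
        else:
            failing_ips[e.user].add(e.ip)
    return {
        user: {"source_ips": len(ips), "success_after_failures": success_after[user]}
        for user, ips in failing_ips.items()
        if len(ips) >= min_ips
    }


def analyze(lines):
    events = parse_log(lines)
    return {
        "spraying_ips": find_spraying_ips(events),
        "targeted_accounts": find_targeted_accounts(events),
    }


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG_LINES))
```

The two detectors are deliberately separate: blocking by source IP alone misses the distributed pattern the advisory describes, so the per-account view (many failing IPs, possibly followed by a success) is the one that tells an incident responder which accounts to force a credential reset on.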
The latest advisory includes recommendations to mitigate these attacks.
Pierluigi Paganini
(SecurityAffairs – hacking, Okta)