Executive Summary
The Beyond Identity team added additional detection rules to our WAF. These changes led to one customer being unable to authenticate or access app.byndid.com. Beyond Identity was alerted to the problem, and mitigation was promptly implemented. Only one customer was experiencing issues.
Root Cause
The security team added additional WAF rules to block a collection of disclosed vulnerabilities. These changes identified traffic coming in from a single customer as malicious/anomalous.
The root cause was traced to a single WAF rule blocking a specific CVE.
Posted Jul 12, 2022 - 11:31 CDT
Resolved
We have verified that the issue is resolved.
Posted Jul 07, 2022 - 09:13 CDT
Monitoring
The site reliability engineering team has made an update to the configuration that was causing an issue. We keep monitoring to verify that this is fixing the problem.
Posted Jul 07, 2022 - 08:55 CDT
Identified
Our site reliability team is investigating the issue.
Posted Jul 07, 2022 - 08:47 CDT
This incident affected: USA - Authentication Service, USA - Enrollment Service, and USA - Migration Service.