Authorization Flow Insecurities

Resolved

Major outage

Started about 1 year agoLasted about 17 hours

Updates

Resolved
Feb 09 2024 at 11:59 AM
Resolved
Feb 09 2024 at 11:59 AM
This issue has been resolved, we are seeing no signs of major errors or concern!
Monitoring
Feb 09 2024 at 8:41 AM
Monitoring
Feb 09 2024 at 8:41 AM
Changes have been pushed to production and services have been restored, we will monitor the results for issues for a bit before we close this issue. Please let us know if you experience any bugs with the changes.
Update
Feb 09 2024 at 8:21 AM
Update
Feb 09 2024 at 8:21 AM
We are working on pushing the final run of commits, service will be restored momentarily!
Update
Feb 09 2024 at 5:10 AM
Update
Feb 09 2024 at 5:10 AM
We are continuing to work on and test our fix for these issues, it has been a long and painful process but our authorization flow will be now 100% more secure and reliable.
Identified
Feb 08 2024 at 10:32 PM
Identified
Feb 08 2024 at 10:32 PM
We have identified the root cause of ongoing insecurities within our Authorization flow and we are currently working on testing a permanent solution, along with this insecurity we have also caught and corrected some database corruption issues (with 0 lose of data thankfully) we have also applied some critical improvements to our authorization flows signature process.

All of these changes will be applied after testing is complete.
Investigating
Feb 08 2024 at 7:08 PM
Investigating
Feb 08 2024 at 7:08 PM
We have identified some insecurities in our authorization flow and are working on a permanent solution, to prevent any further issues/abuse our website has been shut down and will be back up soon!

CordX - Authorization Flow Insecurities – Incident details

All systems operational

Authorization Flow Insecurities