How to use credential stuffing check?

Introduction

Common threats from credential stuffing

Credential stuffing is a cyberattack method in which attackers use previously stolen or leaked usernames and passwords to gain unauthorized access to accounts on various platforms. Attackers exploit the fact that many users reuse passwords across multiple sites, allowing them to automate login attempts on multiple platforms.

Credential stuffing attacks pose significant risks to both users and organizations, including unauthorized access to accounts, data breaches, financial losses, and damage to an organization's reputation.

About credential stuffing check rules

Credential stuffing check rules come with predefined rule templates for popular CMS applications. Enabling such a rule immediately turns on exposed-credential checks for that specific application.

The Origin shield can perform one of the following actions when it detects exposed credentials:

  • Warning Header - Adds a new HTTP header, X-Credential-Leaked with the value 1, to requests that carry exposed credentials. Your application at the origin can then force a password reset, start a two-factor authentication process, or take any other action.
  • Log - Logs requests with exposed credentials in the WAF logs. Recommended for validating a rule before committing to a more severe action.

To create a new credential stuffing check rule:

  1. From the left menu, select Origin Shield > Account takeover prevention.
    1. Select a rule template, or click Add rule to create a custom rule. The create credential stuffing check rule page opens.
    2. Set the appropriate options.
      1. Rule name: a name for this rule. This name is for your reference only and can include up to 30 characters.
      2. Path: the URL of the login page.
      3. Payload type: the data type of the request body.
      4. Account attribute name: the name of the username input field.
      5. Password attribute name: the name of the password input field.
  2. Set the action to perform. The rule can perform one of the following actions when it detects exposed credentials:
    1. Warning header: adds the X-Credential-Leaked header to the request before it is forwarded to the origin.
    2. Log: logs requests with exposed credentials in the logs.
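The Warning Header action only marks the request; the origin application still has to act on the mark. The following is an added illustration, not the product's own code, of a login handler that honours X-Credential-Leaked: 1 as described in the action list and in step 2 above; the user store, the hashing scheme, the function names and the form field names (assumed to match the configured account and password attribute names) are all assumptions.

```python
"""Origin-side handling of the shield's Warning Header action.

Added illustration, not the product's own code: the shield forwards a login
request carrying "X-Credential-Leaked: 1"; the origin verifies the password
as usual and, only when it is correct, diverts the user to a step-up
(password reset or second factor) instead of opening a normal session.
The user store, hashing scheme and function names are assumptions.
"""
import hashlib
import hmac

LEAK_HEADER = "x-credential-leaked"

# Constructed user store for the demo: username -> sha256(password).
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}


def credential_flagged(headers: dict) -> bool:
    """True when the shield marked the submitted credentials as exposed.
    HTTP header names are case-insensitive, so compare them lowercased."""
    for name, value in headers.items():
        if name.lower() == LEAK_HEADER:
            return value.strip() == "1"
    return False


def password_ok(username: str, password: str) -> bool:
    stored = USERS.get(username)
    if stored is None:
        return False
    digest = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(stored, digest)


def handle_login(headers: dict, form: dict) -> dict:
    """Decide what the origin does with a login request.

    The flag is acted on only after the password has been verified, so an
    unauthenticated caller cannot use the response to learn whether a
    guessed password appears in a breach corpus.
    """
    user = form.get("username", "")
    if not password_ok(user, form.get("password", "")):
        return {"status": 401, "action": "invalid_login"}
    if credential_flagged(headers):
        # Correct but exposed password: no normal session; require a
        # reset or a second factor first.
        return {"status": 200, "action": "force_password_reset", "user": user}
    return {"status": 200, "action": "session_created", "user": user}
```

Because the header is set by the shield, it is only meaningful when the origin is reachable solely through the shield; an origin that also accepts direct traffic never sees the flag for requests that bypass it.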

Conclusion

The Credential Stuffing Check function is a critical tool for safeguarding against credential stuffing attacks, which have the potential to cause significant harm to both organizations and their users. By implementing this function as part of a comprehensive cybersecurity strategy, organizations can enhance their security posture, protect user accounts, and preserve their reputation in an increasingly digital world. It serves as a proactive defense against a prevalent and persistent threat, contributing to a safer online environment for all.