Unable to access Fluid Attacks platform
Incident Report for Fluid Attacks
Postmortem

Impact

An unknown number of users encountered difficulties trying to initiate new sessions on the Fluid Attacks Platform through Google (existing new sessions were unaffected, as well as new sessions from other authentication providers). The issue started on UTC-5 24-02-01 09:29 and was proactively discovered 3.6 hours (TTD) later by the product team during their regular workflow. No incident reports were received through our help desk. The problem was resolved in 43.2 minutes (TTF) resulting in a total impact of 4.3 hours (TTR) [1][2].

Cause

We have separate secret files for development and production. The secret was rotated in the development file, but this rotation was overlooked in the production file. This caused problems when trying to log in to the Platform, showing an `Unauthorized Access` message [3].

Solution

The secret was rotated in the production file [4].

Conclusion

Rotating secret can impact components. Work is in progress to implement a test that will help prevent rotation failures [5]. ROTATION_FAILURE < MISSING_TEST

Posted Feb 01, 2024 - 17:33 GMT-05:00
Resolved
The platform has regained accessibility and is now operating normally.
Posted Feb 01, 2024 - 14:18 GMT-05:00
Identified
The app.fluidattacks.com platform is experiencing issues with access.
Posted Feb 01, 2024 - 12:55 GMT-05:00
This incident affected: Platform.
Current Status Powered by Atlassian Statuspage