Impact
An unknown number of users encountered difficulties trying to initiate new sessions on the Fluid Attacks Platform through Google (existing new sessions were unaffected, as well as new sessions from other authentication providers). The issue started on UTC-5 24-02-01 09:29 and was proactively discovered 3.6 hours (TTD) later by the product team during their regular workflow. No incident reports were received through our help desk. The problem was resolved in 43.2 minutes (TTF) resulting in a total impact of 4.3 hours (TTR) [1][2].
Cause
We have separate secret files for development and production. The secret was rotated in the development file, but this rotation was overlooked in the production file. This caused problems when trying to log in to the Platform, showing an `Unauthorized Access` message [3].
Solution
The secret was rotated in the production file [4].
Conclusion
Rotating secret can impact components. Work is in progress to implement a test that will help prevent rotation failures [5]. ROTATION_FAILURE < MISSING_TEST