Credential stuffing is an account takeover technique that automatically injects breached username/password pairs into login forms. It relies on email addresses and passwords stolen from other sites to gain unauthorized access to accounts. Attackers feed large numbers of leaked credentials, in an automated fashion, to many websites, counting on password reuse to take over users' accounts. The attacker obtains these spilled usernames and passwords from a website breach and uses an account checker (such as SentryMBA) to test them against many websites. Each successful login lets the attacker take over the account that matches the stolen credentials.
The Barracuda Advanced Bot Protection system uses a cloud-based database of breached credentials to validate incoming login requests. When a match for the incoming credentials is found, Barracuda WAF is configured to alert or block such login requests.
The BOT MITIGATION > Bot Mitigation page allows you to enable Credential Stuffing Protection.
- On the BOT MITIGATION > Bot Mitigation page, locate the desired Bot Mitigation policy and click Edit in the Options column next to it. Configure the following values to enable Credential Stuffing Protection:
  - Username – Specifies the username field in the web page from which the actual username can be extracted by the WAF.
  - Password – Specifies the password field in the web page from which the actual password can be extracted by the WAF.
- Click Save to save the above settings.
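The check described above, as an added illustration in Python that is not Barracuda's own code: the configured username and password field names are used to pull the credentials out of a form-encoded login POST, the pair is hashed and looked up in a breached-credential set, and the policy action (alert or block) decides the outcome. The field names, the hashing scheme and the sample breached set are assumptions constructed for this example.

```python
# Added illustration of a WAF-style credential stuffing check (not Barracuda code).
# Field names, hashing scheme and the breached set below are assumptions.
import hashlib
from urllib.parse import parse_qs


def _pair_hash(username: str, password: str) -> str:
    # The lookup table holds only SHA-256 of "username:password",
    # so no plaintext credentials are stored on the checking side.
    return hashlib.sha256(f"{username}:{password}".encode()).hexdigest()


# Constructed sample of breached credentials standing in for the cloud database.
BREACHED = {
    _pair_hash("alice@example.com", "Summer2019!"),
    _pair_hash("bob@example.com", "hunter2"),
}


class CredentialStuffingPolicy:
    """Mirrors the settings on the page: which form fields carry the username
    and password, plus what to do on a match ('alert' or 'block')."""

    def __init__(self, username_field: str, password_field: str, action: str = "block"):
        if action not in ("alert", "block"):
            raise ValueError("action must be 'alert' or 'block'")
        self.username_field = username_field
        self.password_field = password_field
        self.action = action

    def extract(self, body: str):
        # Pull the credentials out of an application/x-www-form-urlencoded body
        # using the configured field names; missing fields yield None.
        form = parse_qs(body, keep_blank_values=True)
        user = form.get(self.username_field, [None])[0]
        pwd = form.get(self.password_field, [None])[0]
        return user, pwd

    def evaluate(self, body: str) -> dict:
        user, pwd = self.extract(body)
        if user is None or pwd is None:
            # Not a login post using the configured fields: pass it through.
            return {"matched": False, "action": "allow", "username": user}
        matched = _pair_hash(user, pwd) in BREACHED
        action = self.action if matched else "allow"
        # Only the username and the decision are recorded, never the password.
        return {"matched": matched, "action": action, "username": user}
```

In alert mode the matched request is still allowed through while the decision is logged; in block mode the login is rejected.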