You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

All native users had password reset. Audit logs show OAT_CLIENT_APPID made the request.

edited Mar 8, 2025 12:07AM in OCI - General 3 comments

Summary:

Last night, three different times, some weird I.D. made an API call to reset all native user passwords that we have. The I.D. is OAT_CLIENT_APPID. Has anyone had experience with this?

Content (please ensure you mask any confidential information):

Basically what the title says. Last night, an I.D. that we do not have anywhere in our system used admin authority to reset the passwords of every native user we have, three times. We can see this in the OCI console through the various log pulls. The I.P. addresses of the API calls indicate that they originated from Oracle data centers. We do NOT have API management of our IAM service set up. I doublechecked all created applications and user I.D.s just to ensure there wasn't some sort of compromise somewhere in our system where a bad actor had created

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!