A flaw was found in Keycloak. This flaw allows impersonation and lockout because email trust is not handled correctly in Keycloak. An attacker can shadow other users with the same email and lock them out or impersonate them.
History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-01-11T20:46:51.617Z

Updated: 2024-08-02T05:02:43.468Z

Reserved: 2023-01-06T22:29:12.661Z

Link: CVE-2023-0105

Vulnrichment

No data.

NVD

Status: Analyzed

Published: 2023-01-13T06:15:11.983

Modified: 2023-01-23T18:31:10.593

Link: CVE-2023-0105

Redhat

Severity: Moderate

Public Date: 2023-01-06T00:00:00Z

Links: CVE-2023-0105 - Bugzilla