A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 21 Nov 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 08 Aug 2024 06:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:red_hat_single_sign_on:7

Wed, 07 Aug 2024 10:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:red_hat_single_sign_on:7.6
References

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-08-30T04:39:24.451Z

Reserved: 2023-07-10T17:01:10.485Z

Link: CVE-2023-3597

cve-icon Vulnrichment

Updated: 2024-08-02T07:01:56.985Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-25T13:15:50.523

Modified: 2024-11-21T08:17:38.007

Link: CVE-2023-3597

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-04-15T00:00:00Z

Links: CVE-2023-3597 - Bugzilla

cve-icon OpenCVE Enrichment

No data.