A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.
History

Thu, 08 Aug 2024 06:00:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:red_hat_single_sign_on:7

Wed, 07 Aug 2024 10:15:00 +0000

Type Values Removed Values Added
CPEs cpe:/a:redhat:red_hat_single_sign_on:7.6
References

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-04-25T12:20:11.606Z

Updated: 2024-09-16T18:54:27.149Z

Reserved: 2023-07-10T17:01:10.485Z

Link: CVE-2023-3597

cve-icon Vulnrichment

Updated: 2024-08-02T07:01:56.985Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-25T13:15:50.523

Modified: 2024-08-07T10:15:39.240

Link: CVE-2023-3597

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-04-15T00:00:00Z

Links: CVE-2023-3597 - Bugzilla