A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.
Metrics
Affected Vendors & Products
References
History
Thu, 08 Aug 2024 06:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs |
Wed, 07 Aug 2024 10:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:red_hat_single_sign_on:7.6 | |
References |
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-25T12:20:11.606Z
Updated: 2024-09-16T18:54:27.149Z
Reserved: 2023-07-10T17:01:10.485Z
Link: CVE-2023-3597
Vulnrichment
Updated: 2024-08-02T07:01:56.985Z
NVD
Status : Awaiting Analysis
Published: 2024-04-25T13:15:50.523
Modified: 2024-08-07T10:15:39.240
Link: CVE-2023-3597
Redhat