A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD restrictions. The issue enables authentication bypass and could allow unauthorized access under certain conditions.
History

Thu, 23 Jan 2025 01:45:00 +0000

Type: Metrics
Values Removed: threat_severity: None
Values Added: threat_severity: Moderate

Wed, 22 Jan 2025 15:15:00 +0000

Type: Metrics (ssvc)
Values Removed: (none)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 22 Jan 2025 14:45:00 +0000

Type: Description
Values Added: A flaw was found in Keycloak. When an Active Directory user resets their password, the system updates it without performing an LDAP bind to validate the new credentials against AD. This vulnerability allows users whose AD accounts are expired or disabled to regain access in Keycloak, bypassing AD restrictions. The issue enables authentication bypass and could allow unauthorized access under certain conditions.

Type: Title
Values Added: Keycloak-ldap-federation: authentication bypass due to missing ldap bind after password reset in keycloak

Type: First Time Appeared
Values Added: Redhat; Redhat build Keycloak; Redhat red Hat Single Sign On

Type: Weaknesses
Values Added: CWE-287

Type: CPEs
Values Added: cpe:/a:redhat:build_keycloak:; cpe:/a:redhat:red_hat_single_sign_on:7

Type: Vendors & Products
Values Added: Redhat; Redhat build Keycloak; Redhat red Hat Single Sign On

Type: Metrics (cvssV3_1)
Values Added: {'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2025-01-22T14:34:45.923Z

Updated: 2025-01-22T15:06:01.864Z

Reserved: 2025-01-20T11:35:33.280Z

Link: CVE-2025-0604

Vulnrichment

Updated: 2025-01-22T15:05:58.258Z

NVD

Status: Received

Published: 2025-01-22T15:15:14.827

Modified: 2025-01-22T15:15:14.827

Link: CVE-2025-0604

Redhat

Severity: Moderate

Published Date: 2025-01-20T00:00:00Z

Links: CVE-2025-0604 - Bugzilla