Описание
A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| keycloak | itp | package |
EPSS
Связанные уязвимости
A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow
Уязвимость программного средства для управления идентификацией и доступом Keycloak, связанная с недостатками механизма аутентификации WebAuthn, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS