Description
A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
References
- Vendor Advisory
- Issue Tracking, Vendor Advisory
- Patch, Third Party Advisory
- Issue Tracking, Patch, Third Party Advisory
- Permissions Required, Vendor Advisory
Vulnerable configurations
One of
All of
One of
EPSS
CVSS3: 7.5 High
Weaknesses
Related vulnerabilities
Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow
A vulnerability in the Keycloak identity and access management software, related to flaws in the WebAuthn authentication mechanism, that allows an attacker to gain unauthorized access to protected information