Description
A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.
References
- Vendor Advisory
- Issue Tracking, Vendor Advisory
- Vendor Advisory
- Issue Tracking, Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
EPSS
Percentile: 94%
0.12319
Medium
5.3 Medium
CVSS3
Weaknesses
CWE-20
NVD-CWE-noinfo
Related vulnerabilities
CVSS3: 3.7
redhat
more than 3 years ago
A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.
CVSS3: 5.3
debian
more than 3 years ago
A flaw was found in keycloak where an attacker is able to register him ...
CVSS3: 3.7
github
more than 1 year ago
Keycloak's improper input validation allows using email as username