Description
It was found that Keycloak before 2.3.0 did not implement the authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure or permit further possible attacks.
It was found that Keycloak did not implement the authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure or permit further possible attacks.
Affected packages
| Platform | Package | Status | Advisory | Release |
|---|---|---|---|---|
| Red Hat Single Sign-On 7 | rh-sso7-keycloak | Not affected | | |
| Red Hat Single Sign-On 7.0 | | Fixed | RHSA-2016:2945 | 13.12.2016 |
Additional information
Status:
EPSS
3.7 Low
CVSS3
4.9 Medium
CVSS2
Related vulnerabilities
Improper Authentication in org.keycloak:keycloak-core