Description
A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOTP is enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.
Affected packages
| Platform | Package | Status | Advisory | Release date |
|---|---|---|---|---|
| Red Hat Fuse 7 | keycloak | Fix deferred | | |
| Red Hat Mobile Application Platform 4 | keycloak | Out of support scope | | |
| Red Hat Single Sign-On 7.2.5 zip | | Fixed | RHSA-2018:3595 | 13.11.2018 |
| Red Hat Single Sign-On 7.2 for RHEL 6 | rh-sso7-keycloak | Fixed | RHSA-2018:3592 | 13.11.2018 |
| Red Hat Single Sign-On 7.2 for RHEL 7 | rh-sso7-keycloak | Fixed | RHSA-2018:3593 | 13.11.2018 |
Additional information
Status: Low
Weakness: CWE-307
https://bugzilla.redhat.com/show_bug.cgi?id=1625404 keycloak: brute force protection not working for the entire login workflow
EPSS: 0.00365 (Low), percentile: 58%
CVSS3: 5.4 Medium
Related vulnerabilities
CVSS3: 8.1
nvd
about 7 years ago
A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOTP is enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.
CVSS3: 8.1
debian
about 7 years ago
A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabl ...