Description
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.
Statement
According to WildFly Elytron, this affects all versions of JBoss EAP from version 7.1. Red Hat build of Keycloak does not ship wildfly-elytron.
Mitigation
The effectiveness of an attack will also be dependent on the complexity of the usernames and passwords defined for the target installation.
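As an added example (not code from WildFly, Elytron or Red Hat), this is the kind of failed-attempt throttle the description says the CLI integration lacks: a per-key sliding window of failures with a temporary lockout, replayed over a constructed sequence of login attempts. The key (`admin`), the thresholds and the `simulate` helper are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Added example, not WildFly/Elytron code: a sliding-window failure counter with a
# temporary lockout, the kind of measure the advisory says the Elytron CLI
# integration lacks. Key choice and thresholds are assumptions for illustration.
class FailedAuthThrottle:
    def __init__(self, max_failures=5, window_seconds=60, lockout_seconds=300):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time the lockout expires

    def is_allowed(self, key, now):
        # True if an attempt for `key` may proceed at time `now` (no active lockout)
        return now >= self._locked_until.get(key, 0)

    def record_failure(self, key, now):
        # Count a failure; returns True if it pushed `key` into lockout
        q = self._failures[key]
        while q and now - q[0] > self.window:  # drop failures outside the window
            q.popleft()
        q.append(now)
        if len(q) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            return True
        return False

    def record_success(self, key):
        self._failures.pop(key, None)  # a good login clears the failure history

def simulate(attempts, throttle=None):
    # Replay (timestamp, key, password_ok) tuples; one decision string per attempt
    throttle = throttle or FailedAuthThrottle()
    decisions = []
    for ts, key, ok in attempts:
        if not throttle.is_allowed(key, ts):
            decisions.append("blocked")  # rejected before any credential check
        elif ok:
            throttle.record_success(key)
            decisions.append("success")
        else:
            throttle.record_failure(key, ts)
            decisions.append("failed")
    return decisions

# Constructed sample: six rapid wrong passwords, then the right one twice.
SAMPLE = [(t, "admin", False) for t in range(6)] + [(7, "admin", True), (400, "admin", True)]
```

Keying on the username alone lets anyone lock a legitimate user out, so production throttles usually combine username with source address and prefer progressive delays to hard lockouts. As the mitigation note above says, credential strength remains the main limit on what repeated guessing can achieve.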
Affected packages
Platform | Package | Status | Recommendation | Release
---|---|---|---|---
Red Hat Build of Keycloak | org.wildfly.security/wildfly-elytron | Not affected | |
Red Hat Data Grid 8 | org.wildfly.security/wildfly-elytron | Affected | |
Red Hat Fuse 7 | org.wildfly.security/wildfly-elytron | Out of support scope | |
Red Hat Integration Camel K 1 | org.wildfly.security/wildfly-elytron | Will not fix | |
Red Hat JBoss Data Grid 7 | org.wildfly.security/wildfly-elytron | Out of support scope | |
Red Hat JBoss Enterprise Application Platform 7 | wildfly-elytron | Affected | |
Red Hat JBoss Enterprise Application Platform 8 | wildfly-elytron | Affected | |
Red Hat JBoss Enterprise Application Platform Expansion Pack | wildfly-elytron | Not affected | |
Red Hat Process Automation 7 | org.wildfly.security/wildfly-elytron | Out of support scope | |
Red Hat Single Sign-On 7 | org.wildfly.security/wildfly-elytron | Out of support scope | |
Additional information
EPSS:
CVSS3: 8.1 High
Related vulnerabilities
Wildfly Elytron integration susceptible to brute force attacks via CLI