Replay Attack Vulnerability in Keycloak by Red Hat
CVE-2018-14637
6.1 MEDIUM
What is CVE-2018-14637?
The SAML broker consumer endpoint in Keycloak before version 4.6.0.Final did not enforce the expiration conditions carried in SAML assertions, that is, the validity window an identity provider states with NotBefore and NotOnOrAfter. Because the endpoint accepted assertions past their stated lifetime, an attacker who obtained a previously issued assertion (for example from a captured SAML response) could present it again and be logged in as the original subject, gaining unauthorized access to resources behind the broker. Organizations running affected versions should upgrade to 4.6.0.Final or later.
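The check the advisory describes as missing, as an added example that is not Keycloak's code: a SAML 2.0 assertion consumer that enforces the Conditions and SubjectConfirmationData validity window (NotBefore/NotOnOrAfter) with a small clock-skew tolerance and refuses to consume the same assertion ID twice. The sample assertion and the 60-second skew are constructed for the example, and signature, Issuer, Audience and Recipient verification are assumed to have happened before this code runs. The `enforce_conditions=False` path mimics the weak behaviour: an assertion captured an hour earlier is accepted again, which the enforcing path rejects as expired.

```python
# Added example (not Keycloak code): enforce SAML assertion validity windows
# and reject replays. Sample assertion and skew tolerance are constructed.
from __future__ import annotations

from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET  # for untrusted XML prefer a hardened parser such as defusedxml

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
DEFAULT_SKEW = timedelta(seconds=60)  # assumed IdP/SP clock drift tolerance

# Constructed sample; it carries no Signature element. A real consumer verifies
# the signature BEFORE trusting any attribute read below.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_replay-demo-1" Version="2.0" IssueInstant="2018-11-01T12:00:00Z">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject>
    <saml:NameID>alice</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2018-11-01T12:05:00Z"
          Recipient="https://sp.example.test/broker/saml/endpoint"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2018-11-01T11:59:00Z" NotOnOrAfter="2018-11-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


class SamlRejected(Exception):
    """Raised when an assertion must not be consumed."""


def parse_saml_time(value: str) -> datetime:
    """Parse an xsd:dateTime as SAML uses it (UTC with a 'Z' suffix)."""
    if value.endswith("Z"):
        value = value[:-1] + "+00:00"
    ts = datetime.fromisoformat(value)
    if ts.tzinfo is None:
        raise SamlRejected(f"timestamp lacks a timezone: {value}")
    return ts.astimezone(timezone.utc)


def check_window(elem: ET.Element, now: datetime, skew: timedelta, what: str) -> datetime:
    """Enforce NotBefore/NotOnOrAfter on one element and return its expiry.

    Policy choice (fail closed): a bearer assertion without NotOnOrAfter is
    refused, since nothing would bound how long it could be replayed.
    """
    not_on_or_after = elem.get("NotOnOrAfter")
    if not_on_or_after is None:
        raise SamlRejected(f"{what}: missing NotOnOrAfter")
    not_before = elem.get("NotBefore")
    if not_before is not None and now + skew < parse_saml_time(not_before):
        raise SamlRejected(f"{what}: not yet valid")
    expiry = parse_saml_time(not_on_or_after)
    if now - skew >= expiry:
        raise SamlRejected(f"{what}: expired")
    return expiry


class ReplayCache:
    """Remembers consumed assertion IDs for as long as they could still pass the time check."""

    def __init__(self) -> None:
        self._seen: dict[str, datetime] = {}

    def consume(self, assertion_id: str, retain_until: datetime, now: datetime) -> None:
        for aid, until in list(self._seen.items()):  # drop IDs that can no longer be accepted anyway
            if until <= now:
                del self._seen[aid]
        if assertion_id in self._seen:
            raise SamlRejected(f"replayed assertion {assertion_id}")
        self._seen[assertion_id] = retain_until


def consume_assertion(xml_text: str, now: datetime, cache: ReplayCache,
                      skew: timedelta = DEFAULT_SKEW, enforce_conditions: bool = True) -> str:
    """Validate the time window and replay state of one assertion; return its ID.

    Signature, Issuer, Audience and Recipient checks are assumed done beforehand.
    enforce_conditions=False mimics the weakness in the advisory: the validity
    window is ignored, so an old captured assertion is accepted again.
    """
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML}}}Assertion":
        raise SamlRejected("not a saml:Assertion")
    assertion_id = root.get("ID")
    if not assertion_id:
        raise SamlRejected("assertion has no ID")
    if enforce_conditions:
        conditions = root.find("saml:Conditions", NS)
        if conditions is None:
            raise SamlRejected("missing saml:Conditions")
        expiry = check_window(conditions, now, skew, "Conditions")
        scd = root.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
        if scd is None:
            raise SamlRejected("missing SubjectConfirmationData")
        expiry = min(expiry, check_window(scd, now, skew, "SubjectConfirmationData"))
        retain_until = expiry + skew  # the ID can be accepted until then, so remember it that long
    else:
        retain_until = now + skew  # no expiry was checked, so there is no principled bound
    cache.consume(assertion_id, retain_until, now)
    return assertion_id


def try_consume(xml_text: str, now: datetime, cache: ReplayCache, **kwargs) -> str:
    """Wrapper returning 'accepted:<ID>' or 'rejected: <reason>'."""
    try:
        return "accepted:" + consume_assertion(xml_text, now, cache, **kwargs)
    except SamlRejected as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    cache = ReplayCache()
    first_use = parse_saml_time("2018-11-01T12:01:00Z")
    print(try_consume(SAMPLE_ASSERTION, first_use, cache))  # accepted
    print(try_consume(SAMPLE_ASSERTION, first_use, cache))  # replay inside the window: rejected
    an_hour_later = parse_saml_time("2018-11-01T13:00:00Z")
    print(try_consume(SAMPLE_ASSERTION, an_hour_later, ReplayCache()))  # expired: rejected
    print(try_consume(SAMPLE_ASSERTION, an_hour_later, ReplayCache(), enforce_conditions=False))  # weak path: accepted
```

The two defences depend on each other: the replay cache only needs to retain an ID until NotOnOrAfter plus the skew tolerance, so without an enforced expiry there is no sound retention bound, and an attacker simply waits until the cache has forgotten the ID. Enforcing the window is what makes the replay cache finite and the old assertion useless.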
Affected Version(s)
keycloak before 4.6.0.Final (fixed in 4.6.0.Final)
CVSS V3.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
CVSS V3.0
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed