TLS Hostname Verification Flaw in Keycloak by Red Hat
CVE-2020-1758
5.3 MEDIUM
Summary
Keycloak versions prior to 10.0.0 do not enforce TLS hostname verification when sending emails via an SMTP server. Because the server's certificate is not checked against the configured hostname, an attacker positioned on the network path can present a certificate for a different host and carry out a man-in-the-middle (MITM) attack, intercepting or altering the emails Keycloak sends and exposing the personal information they contain.
Affected Version(s)
Keycloak versions before 10.0.0
CVSS V3.1
Score: 5.3
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged