Improper Authentication in HYPR Keycloak Authenticator Extension
CVE-2023-1477

7.2 HIGH

Key Information:

Vendor: Hypr
CVE Published: 28 April 2023

What is CVE-2023-1477?

The HYPR Keycloak Authenticator Extension has a vulnerability that allows for authentication abuse due to improper authentication mechanisms. This issue affects versions prior to 7.10.2 and 8.0.3, potentially exposing users to unauthorized access and exploitation. It is crucial for organizations utilizing this extension to implement the recommended updates and secure their authentication processes to prevent exploitation.

Affected Version(s)

Keycloak Authenticator Extension 0 < 7.10.2

Keycloak Authenticator Extension 0 < 8.0.3

CVSS V3.1

Score: 7.2
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
