Keycloak Authentication Bypass Vulnerability
CVE-2023-3597

5MEDIUM

Key Information:

Status
Red Hat Build Of Keycloak 22
Red Hat Build Of Keycloak 22.0.10
Rhsso 7.6.8
Vendor
CVE Published:
25 April 2024

What is CVE-2023-3597?

A security flaw exists in Keycloak, where the system fails to accurately validate client step-up authentication processes. This creates a potential risk whereby an authenticated remote user can register a fraudulent second authentication factor alongside an existing one. Utilizing this vulnerability, attackers could bypass the intended security measures, allowing them unauthorized access to sensitive resources. Proper validation mechanisms are crucial to ensure that the authentication process functions as intended, safeguarding against unauthorized actions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://access.redhat.com/errata/RHSA-2024:1866
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1867
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1868
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Red Hat would like to thank Johannes Bergmann (Bosch) for reporting this issue.
JSON
.