A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2021-3513 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1953439 | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2022-08-22T14:45:08
Updated: 2022-08-22T14:45:08
Reserved: 2022-06-29T00:00:00
Link: CVE-2021-3513
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-08-22T15:15:13.420
Modified: 2022-08-23T18:35:48.837
Link: CVE-2021-3513
JSON object: View
Redhat Information
No data.