A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2024-04-25T12:20:11.606Z
Updated: 2024-06-04T17:17:32.549Z
Reserved: 2023-07-10T17:01:10.485Z
Link: CVE-2023-3597
JSON object: View
NVD Information
Status : Awaiting Analysis
Published: 2024-04-25T13:15:50.523
Modified: 2024-04-25T13:18:02.660
Link: CVE-2023-3597
JSON object: View
Redhat Information
No data.
CWE