CVE-2016-8609
published 2018-08-01CVE-2016-8609: It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from…
high8.1CVSS 3.0
AVNACLPRNUIRSUCHIHAN
It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| red_hat | keycloak | — | — |
| redhat | keycloak | < 2.3.0 | 2.3.0 |