CVE-2021-3424: Improper Authentication in Redhat Keycloak

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.2% (top 62.68%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 1; latest update Apr 19

Description

A flaw was found in Keycloak as shipped in Red Hat Single Sign-On 7.4 that allows IDN homograph attacks on usernames. Because usernames were not normalized or checked for visually confusable Unicode characters, a malicious user could register an account whose name looks identical to an already registered one (for example, by substituting Cyrillic or other look-alike characters for Latin letters) and then trick an administrator into granting the look-alike account extra privileges intended for the legitimate user.
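The registration-time defence that closes this class of bug, shown as an added example written for this page rather than Keycloak's own implementation: NFKD-normalise the candidate username, strip invisible and combining characters, reject names that mix scripts, and compare a "skeleton" of the name against existing usernames so a look-alike cannot be registered beside a real one. The `HOMOGLYPHS` table is a constructed, deliberately partial subset (a real deployment would derive it from Unicode's confusables.txt, UTS #39), the `existing` list stands in for the user directory, and `check_registration` is a hypothetical hook name; none of these come from the advisory.

```python
"""Registration-time defence against homograph usernames (added example)."""
import unicodedata

# Constructed, deliberately partial table of look-alike code points -> ASCII
# twin. Assumption for the demo; production code should use Unicode's
# confusables.txt (UTS #39) rather than a hand-picked subset.
HOMOGLYPHS = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
    "\u2010": "-", "\u2011": "-", "\u2013": "-", "\u2212": "-",  # dashes, minus
}


def skeleton(username: str) -> str:
    """Canonical comparison form: compatibility-decompose (fullwidth, ligatures,
    accented letters), drop invisible/format chars and combining marks,
    case-fold, then map known homoglyphs to ASCII. Used only for collision
    checks, never as the stored username."""
    s = unicodedata.normalize("NFKD", username)
    s = "".join(ch for ch in s
                if unicodedata.category(ch) not in ("Cf", "Cc", "Mn"))
    s = s.casefold()
    return "".join(HOMOGLYPHS.get(ch, ch) for ch in s)


def scripts(username: str) -> set:
    """Heuristic set of scripts used by the letters in a name, taken from the
    first word of each character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    used = set()
    for ch in unicodedata.normalize("NFKC", username):
        if unicodedata.category(ch).startswith("L"):
            used.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return used


def check_registration(candidate: str, existing) -> tuple:
    """Return (accepted, reason) for a new username against existing ones.
    Hypothetical hook; `existing` stands in for the user directory."""
    # 1. Invisible or control characters never belong in a username.
    if any(unicodedata.category(ch) in ("Cf", "Cc") for ch in candidate):
        return False, "invisible or control characters in username"
    # 2. A name mixing scripts (Latin + Cyrillic, ...) is the classic homograph.
    used = scripts(candidate)
    if len(used) > 1:
        return False, "mixed scripts: " + ", ".join(sorted(used))
    # 3. A single-script look-alike still collides on the skeleton.
    sk = skeleton(candidate)
    for other in existing:
        if skeleton(other) == sk:
            return False, "confusable with existing user " + repr(other)
    return True, "ok"


if __name__ == "__main__":
    directory = ["admin", "ceo", "alice"]  # constructed sample user directory
    probes = [
        "\u0430dmin",                       # Cyrillic 'a' + Latin "dmin"
        "\u0441\u0435\u043e",               # all-Cyrillic look-alike of "ceo"
        "admin\u200b",                      # trailing zero-width space
        "\uff41\uff44\uff4d\uff49\uff4e",   # fullwidth "admin"
        "Admin",                            # case variant
        "carol",                            # legitimate new user
    ]
    for name in probes:
        print(repr(name), check_registration(name, directory))
```

The mixed-script check alone is not enough: the all-Cyrillic "сео" passes it, which is why the skeleton comparison against existing names is the step that actually blocks the impersonation.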

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N (Exploitability: 3.9 | Impact: 1.4)

Affected Packages (2 packages)

redhat/keycloak, as shipped in Red Hat Single Sign-On 7.4 (source: CVEList V5)

Vulnerability Details (8 entries)

OSV: linux-snapdragon vulnerabilities (2023-04-19)
OSV: linux-gcp vulnerabilities (2023-04-11)
OSV: linux-gcp-4.15 vulnerabilities (2023-03-31)
OSV: linux, linux-aws, linux-dell300x, linux-kvm, linux-oracle, linux-raspi2 vulnerabilities (2023-03-29)
OSV: linux-aws-hwe, linux-hwe, linux-oracle vulnerabilities (2023-03-28)

Vendor Advisories (1)

Red Hat (2021-03-08): keycloak: Internationalized domain name (IDN) homograph attack to impersonate users