CVE-2021-3513
published 2022-08-22CVE-2021-3513: A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | keycloak | < 13.0.0 | 13.0.0 |
| redhat | keycloak | — | — |