Severity: 8.8 HIGH
EPSS: 0.4% (top 37.86%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: see Affected Packages below
Timeline: Published Apr 25

Description

A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt=login," prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting "Restart login," an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previou

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

Source   Package                                  Introduced   Fixed
NVD      redhat/keycloak                          23.0.0       24.0.3 (+1 further range)
Maven    org.keycloak:keycloak-services           23.0.0       24.0.3 (+1 further range)

Vulnerability Details (3)

CVEList   Keycloak: session hijacking via re-authentication                 2024-04-25
GHSA      Keycloak vulnerable to session hijacking via re-authentication   2024-04-17
OSV       Keycloak vulnerable to session hijacking via re-authentication   2024-04-17

Vendor Advisories (1)

Red Hat   keycloak: session hijacking via re-authentication                2024-02-21