CVE-2020-1744

A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*

History

14 Sep 2021, 13:30

Type Values Removed Values Added
CWE CWE-200 CWE-755

Information

Published : 2020-03-24 14:15

Updated : 2023-12-10 13:27


NVD link : CVE-2020-1744

Mitre link : CVE-2020-1744

CVE.ORG link : CVE-2020-1744


JSON object : View

Products Affected

redhat

  • keycloak
CWE
CWE-755

Improper Handling of Exceptional Conditions