CVE-2021-3754

A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*

History

01 Sep 2022, 16:00

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
References (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1999196 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1999196 - Issue Tracking, Vendor Advisory
References (MISC) https://access.redhat.com/security/cve/CVE-2021-3754 - (MISC) https://access.redhat.com/security/cve/CVE-2021-3754 - Vendor Advisory
First Time Redhat
Redhat single Sign-on
Redhat keycloak

26 Aug 2022, 17:17

Type Values Removed Values Added
New CVE

Information

Published : 2022-08-26 16:15

Updated : 2023-12-10 14:35


NVD link : CVE-2021-3754

Mitre link : CVE-2021-3754

CVE.ORG link : CVE-2021-3754


JSON object : View

Products Affected

redhat

  • keycloak
  • single_sign-on
CWE
NVD-CWE-noinfo CWE-20

Improper Input Validation