A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2021-3754 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1999196 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
01 Sep 2022, 16:00
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
CWE | NVD-CWE-noinfo | |
CPE | cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:* |
|
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1999196 - Issue Tracking, Vendor Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2021-3754 - Vendor Advisory | |
First Time |
Redhat
Redhat single Sign-on Redhat keycloak |
26 Aug 2022, 17:17
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-26 16:15
Updated : 2023-12-10 14:35
NVD link : CVE-2021-3754
Mitre link : CVE-2021-3754
CVE.ORG link : CVE-2021-3754
JSON object : View
Products Affected
redhat
- keycloak
- single_sign-on
CWE