CVE-2023-0105

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.
References
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*

History

23 Jan 2023, 18:31

Type Values Removed Values Added
CWE CWE-287
CPE cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
References (MISC) https://access.redhat.com/security/cve/CVE-2023-0105 - (MISC) https://access.redhat.com/security/cve/CVE-2023-0105 - Vendor Advisory
First Time Redhat single Sign-on
Redhat keycloak
Redhat
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5

13 Jan 2023, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-01-13 06:15

Updated : 2023-12-10 14:48


NVD link : CVE-2023-0105

Mitre link : CVE-2023-0105

CVE.ORG link : CVE-2023-0105


JSON object : View

Products Affected

redhat

  • single_sign-on
  • keycloak
CWE
CWE-287

Improper Authentication