A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2023-0105 | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
23 Jan 2023, 18:31
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-287 | |
CPE | cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:* |
|
References | (MISC) https://access.redhat.com/security/cve/CVE-2023-0105 - Vendor Advisory | |
First Time |
Redhat single Sign-on
Redhat keycloak Redhat |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
13 Jan 2023, 06:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-13 06:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-0105
Mitre link : CVE-2023-0105
CVE.ORG link : CVE-2023-0105
JSON object : View
Products Affected
redhat
- single_sign-on
- keycloak
CWE
CWE-287
Improper Authentication