MEDIUM 4.3

GHSA-q6h7-xxp7-7429

Keycloak has an Authentication Bypass by Primary Weakness

Details

A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication (CIBA) flow to bypass this brute-force protection. This allows continued authentication attempts and token issuance even when the account should be locked, potentially enabling further unauthorized access attempts.


Affected packages

Maven / org.keycloak:keycloak-services
First affected version: 0

No fixed version published yet for org.keycloak:keycloak-services (maven). Pin to a known-safe version or switch to an alternative.

Maven / org.keycloak:keycloak-services
First affected version: 26.5.0

No fixed version published yet for org.keycloak:keycloak-services (maven). Pin to a known-safe version or switch to an alternative.

References