Description

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.

Related CPE's

a

redhat

keycloak

-

Vulnerable

a

redhat

single_sign-on

7.0

References

https://access.redhat.com/security/cve/CVE-2023-0105

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2023-0105

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-287

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-287

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

6.5 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-13T05:15:11.983Z

3 years ago

Last modified

2025-04-09T12:15:27.327Z

11 months ago