A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
Metrics
Affected Vendors & Products
References
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Mon, 16 Sep 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat build Of Keycloak
Redhat enterprise Linux Redhat keycloak Redhat openshift Container Platform Redhat openshift Container Platform For Linuxone Redhat openshift Container Platform For Power Redhat openshift Container Platform Ibm Z Systems Redhat single Sign-on |
|
CPEs | cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.9:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Redhat build Of Keycloak
Redhat enterprise Linux Redhat keycloak Redhat openshift Container Platform Redhat openshift Container Platform For Linuxone Redhat openshift Container Platform For Power Redhat openshift Container Platform Ibm Z Systems Redhat single Sign-on |
Mon, 09 Sep 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhosemc
|
|
CPEs | cpe:/a:redhat:build_keycloak:22::el9 cpe:/a:redhat:red_hat_single_sign_on:7.6 cpe:/a:redhat:red_hat_single_sign_on:7.6::el7 cpe:/a:redhat:red_hat_single_sign_on:7.6::el8 cpe:/a:redhat:red_hat_single_sign_on:7.6::el9 cpe:/a:redhat:rhosemc:1.0::el8 |
|
Vendors & Products |
Redhat rhosemc
|
|
References |
|
|
Tue, 03 Sep 2024 23:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Tue, 03 Sep 2024 21:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 03 Sep 2024 20:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems. | |
Title | Keycloak: potential bypass of brute force protection | |
First Time appeared |
Redhat
Redhat build Keycloak Redhat jboss Enterprise Application Platform Redhat red Hat Single Sign On |
|
Weaknesses | CWE-837 | |
CPEs | cpe:/a:redhat:build_keycloak:22 cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:red_hat_single_sign_on:7 |
|
Vendors & Products |
Redhat
Redhat build Keycloak Redhat jboss Enterprise Application Platform Redhat red Hat Single Sign On |
|
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-09-03T19:42:01.318Z
Updated: 2024-11-24T18:42:07.474Z
Reserved: 2024-05-07T20:47:03.184Z
Link: CVE-2024-4629
Vulnrichment
Updated: 2024-11-14T16:59:26.284Z
NVD
Status : Modified
Published: 2024-09-03T20:15:09.003
Modified: 2024-11-21T09:43:14.917
Link: CVE-2024-4629
Redhat