DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2023-3597

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2023-3597

CGA ID

CGA-mw98-8pc7-5256

Severity

5.0

Medium

CVSS V3

Summary

Keycloak secondary factor bypass in step-up authentication

Description

Keycloak does not correctly validate its client step-up authentication. A password-authed attacker could use this flaw to register a false second auth factor, alongside the existing one, to a targeted account. The second factor then permits step-up authentication.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images