CVE-2023-3597

A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.
Configurations

No configuration.

History

21 Nov 2024, 08:17

Type        Values Removed                                        Values Added
References  https://access.redhat.com/errata/RHSA-2024:1867       https://access.redhat.com/errata/RHSA-2024:1867
References  https://access.redhat.com/errata/RHSA-2024:1868       https://access.redhat.com/errata/RHSA-2024:1868
References  https://access.redhat.com/security/cve/CVE-2023-3597  https://access.redhat.com/security/cve/CVE-2023-3597
References  https://bugzilla.redhat.com/show_bug.cgi?id=2221760   https://bugzilla.redhat.com/show_bug.cgi?id=2221760

07 Aug 2024, 10:15

Type        Values Removed   Values Added
Summary                      (es) A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.
References                   https://access.redhat.com/errata/RHSA-2024:1866

25 Apr 2024, 13:18

New CVE

Information

Published : 2024-04-25 13:15

Updated : 2024-11-21 08:17


NVD link : CVE-2023-3597

Mitre link : CVE-2023-3597

CVE.ORG link : CVE-2023-3597



Products Affected

No product.

CWE
CWE-287

Improper Authentication