A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:6493 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2024:6494 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2024:6495 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2024:6497 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2024:6499 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2024:6500 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2024:6501 | Vendor Advisory |
https://access.redhat.com/security/cve/CVE-2024-4629 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2276761 | Issue Tracking Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
16 Sep 2024, 15:51
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat openshift Container Platform Ibm Z Systems
Redhat Redhat single Sign-on Redhat build Of Keycloak Redhat enterprise Linux Redhat openshift Container Platform For Linuxone Redhat keycloak Redhat openshift Container Platform For Power Redhat openshift Container Platform |
|
References | () https://access.redhat.com/errata/RHSA-2024:6493 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2024:6494 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2024:6495 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2024:6497 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2024:6499 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2024:6500 - Vendor Advisory | |
References | () https://access.redhat.com/errata/RHSA-2024:6501 - Vendor Advisory | |
References | () https://access.redhat.com/security/cve/CVE-2024-4629 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2276761 - Issue Tracking, Vendor Advisory | |
CPE | cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.9:*:*:*:*:*:*:* cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:* |
09 Sep 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Sep 2024, 13:05
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
03 Sep 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-03 20:15
Updated : 2024-09-16 15:51
NVD link : CVE-2024-4629
Mitre link : CVE-2024-4629
CVE.ORG link : CVE-2024-4629
JSON object : View
Products Affected
redhat
- single_sign-on
- openshift_container_platform
- keycloak
- openshift_container_platform_for_linuxone
- build_of_keycloak
- openshift_container_platform_for_power
- openshift_container_platform_ibm_z_systems
- enterprise_linux
CWE
CWE-837
Improper Enforcement of a Single, Unique Action