The vulnerability of the WebAuthn authentication mechanism in the Keycloak software for managing identification and access allows a perpetrator to influence the integrity of the protected information.

🗓️ 11 Dec 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

Keycloak WebAuthn flaw in registration log handling may allow tampering with data integrity.

Reporter	Title	Published	Views	Family All 47
Circl	CVE-2023-6484	7 Sep 202501:32	–	circl
CNNVD	Red Hat Keycloak Security Vulnerability	4 Dec 202300:00	–	cnnvd
CVE	CVE-2023-6484	25 Apr 202415:58	–	cve
Cvelist	CVE-2023-6484 Keycloak: log injection during webauthn authentication or registration	25 Apr 202415:58	–	cvelist
EUVD	EUVD-2024-1229	3 Oct 202520:07	–	euvd
Github Security Blog	Keycloak vulnerable to log Injection during WebAuthn authentication or registration	17 Apr 202418:24	–	github
NVD	CVE-2023-6484	25 Apr 202416:15	–	nvd
OSV	GHSA-J628-Q885-8GR5 Keycloak vulnerable to log Injection during WebAuthn authentication or registration	17 Apr 202418:24	–	osv
OSV	RHSA-2024:0798 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 7	30 Sep 202410:15	–	osv
OSV	RHSA-2024:0799 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.7 security update on RHEL 8	30 Sep 202410:16	–	osv

Vulners

Node

red_hat red_hat_single_sign-onMatch7

OR

red_hat keycloakMatch22.0.5

Source	Link
access	www.access.redhat.com/security/cve/cve-2023-6484
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
vuldb	www.vuldb.com/ru/
security	www.security.snyk.io/vuln/SNYK-RHEL8-RHSSO7KEYCLOAKSERVER-6097475
github	www.github.com/keycloak/keycloak/issues/25078
web	www.web.nvd.nist.gov/view/vuln/detail

11 Dec 2023 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 25

CVSS 35.3

EPSS0.01008

keycloak vulnerability web authentication registration logs log handling data integrity