Lucene search
MITRECVE-2023-2422HistoryOct 04, 2023 - 10:59 a.m.
CVE-2023-2422
2023-10-0410:59:30
MITRE
web.nvd.nist.gov
97
cve-2023-2422
keycloak
mtls
authentication
oauth
openid
client certificate chain
data access
A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients.
Related
cvelist
cvelist
CVE-2023-2422 Keycloak: oauth client impersonation
2023-10-04 10:59:30
veracode
veracode
Improper Certificate Validation
2023-07-02 10:51:17
prion
prion
Authentication flaw
2023-10-04 11:15:00
redhatcve
redhatcve
CVE-2023-2422
2023-06-26 18:48:09
osv
osv
github
github
Keycloak vulnerable to Improper Client Certificate Validation for OAuth/OpenID clients
2023-06-30 20:31:37
mTLS: When certificate authentication is done wrong
2023-08-17 21:22:26
nessus
nessus
redhat
redhat