cvelist / Redhat / CVELIST:CVE-2020-1744
History: Mar 24, 2020 - 12:00 a.m.

CVE-2020-1744

2020-03-24 00:00:00
CWE-755
redhat
www.cve.org

CVSS3: 5.6

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score: 5.3
Confidence: High

EPSS: 0.001
Percentile: 42.6%

A flaw was found in Keycloak before version 9.0.1. When a Conditional OTP Authentication Flow is configured as a post-login flow of an IDP, failed OTP login events are not sent to the brute force protection event queue, so BruteForceProtector does not handle these events.

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "keycloak",
    "versions": [
      {
        "version": "all keycloak versions prior to 9.0.1",
        "status": "affected"
      }
    ]
  }
]
