CVE-2023-6787 Keycloak: session hijacking via re-authentication

2024-04-2516:02:32

CWE-287

redhat

www.cve.org

keycloak

session hijacking

re-authentication mechanism

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

6.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter “prompt=login,” prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting “Restart login,” an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session.

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Keycloak 22",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "rhbk/keycloak-operator-bundle",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "22.0.10-1",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:build_keycloak:22::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Keycloak 22",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "rhbk/keycloak-rhel9",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "22-13",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:build_keycloak:22::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Keycloak 22",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "rhbk/keycloak-rhel9-operator",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "22-16",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:build_keycloak:22::el9"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat build of Keycloak 22.0.10",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "defaultStatus": "unaffected",
    "packageName": "keycloak-core",
    "cpes": [
      "cpe:/a:redhat:build_keycloak:22"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Single Sign-On 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "keycloak-core",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:red_hat_single_sign_on:7"
    ]
  }
]