7 matches found
RHEL 6 : Red Hat Single Sign-On 7.1 update on RHEL 6 (Moderate) (RHSA-2017:0872)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:0872 advisory. Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-o...
RHEL 7 : Red Hat Single Sign-On 7.1 update on RHEL 7 (Moderate) (RHSA-2017:0873)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2017:0873 advisory. Red Hat Single Sign-On is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-o...
CVE-2017-2585
CVE-2017-2585 affects Red Hat Keycloak before version 2.5.1, where JWS token HMAC verification is implemented in non-constant time, potentially enabling timing attacks. Documents across OSV/GHSA/NVD reiterate this exact flaw for Keycloak; no explicit exploit details or affected version ranges bey...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.1 update on RHEL 6
Red Hat Single Sign-On 7.1 is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.1 update on RHEL 7
Red Hat Single Sign-On 7.1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.1 update
Red Hat Single Sign-On 7.1 is now available for download from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
CVE-2017-2585
It was found that keycloak's implementation of HMAC verification for JWS tokens uses a method that runs in non-constant time, potentially leaving the application vulnerable to timing attacks...