2 matches found
CVE-2019-10157
CVE-2019-10157 affects Keycloak’s Node.js adapter prior to 4.8.3. The vulnerability arises from improper verification of the web token received during backchannel logout, enabling a local attacker to craft a malicious JWT with an manipulated NBF value that could prevent a user from gaining access...
CVE-2019-10157
It was found that Keycloak's Node.js adapter did not properly verify the web token received from the server in its backchannel logout. An attacker with local access could use this to construct a malicious web token setting an NBF parameter that could prevent user access indefinitely...