Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-3171

Malicious code in bioql PyPI...

4.8CVSS5.1AI score0.00393EPSS
Exploits0References7
Veracode
Veracode
added 2024/09/10 8:10 a.m.10 views

Expired OTP Usage

Keycloak is vulnerable to Expired OTP Usage. The vulnerability is due to OTP codes generated by FreeOTP remaining valid for an additional 30 seconds beyond their expiration time, increasing the attack window and surface by allowing two OTPs to be valid simultaneously...

4.8CVSS5AI score0.00393EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2024/09/09 9:31 p.m.19 views

GHSA-57RH-GR4V-J5F6 Duplicate Advisory: Keycloak Uses a Key Past its Expiration Date

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xmmm-jw76-q7vg. This link is maintained to preserve external references. Original Description A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token perio...

6.3CVSS5.2AI score0.00393EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2024/09/09 9:31 p.m.25 views

Duplicate Advisory: Keycloak Uses a Key Past its Expiration Date

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-xmmm-jw76-q7vg. This link is maintained to preserve external references. Original Description A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token perio...

4.8CVSS5.6AI score0.00393EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2024/09/09 7:15 p.m.56 views

CVE-2024-7318

A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds default. Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute. A one time passco...

4.8CVSS0.00393EPSS
Exploits0References4
CVE
CVE
added 2024/09/09 6:50 p.m.283 views

CVE-2024-7318

CVE-2024-7318 (Keycloak) describes an OTP expiry flaw: when using FreeOTP with the default 30-second token period, expired codes can still be used, effectively making OTPs valid for 60 seconds. This creates an attack window and doubles the number of valid OTPs at any time, potentially allowing ac...

4.8CVSS5.2AI score0.00393EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/09/09 6:50 p.m.64 views

CVE-2024-7318 Keycloak-core: one time passcode (otp) is valid longer than expiration timeseverity

A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds default. Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute. A one time passco...

4.8CVSS0.00393EPSS
Exploits0References4
Rows per page
Query Builder