GHSA-C9H6-V78W-52WJ Keycloak vulnerable to session hijacking via re-authentication
A flaw was found in Keycloak. An active Keycloak session can be hijacked by initiating a new authentication with the query parameter prompt=login, which forces the user to enter their credentials again. If the user cancels this re-authentication by clicking Restart login, the account takeover...
PT-2024-2167 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified)
Description: The issue is a flaw in the re-authentication mechanism within Keycloak, specifically in the org.keycloak.authentication module. This flaw allows an attacker to hijack an active...
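Both entries above describe the same trigger: an authorization request carrying prompt=login, followed by the user abandoning that forced re-authentication via Restart login. The following is an added hunting example, not code from either advisory or from the Keycloak project. It runs over constructed access-log lines (not real logs) and pairs prompt=login requests to the standard OIDC authorization endpoint with a later hit on a login-restart path from the same client IP. The log line shape, the IP-based correlation and the `/login-actions/restart` path are assumptions for the example; adapt them to your own reverse-proxy format and Keycloak theme. One detail the advisories do not spell out: OIDC `prompt` is a space-delimited list, so the check splits the value instead of comparing it to the literal string "login".

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (not real logs): client IP, request line, status.
# Only the /protocol/openid-connect/auth endpoint is the standard OIDC path;
# the /login-actions/restart path is an assumption for this example.
SAMPLE_LOG = """\
203.0.113.7 "GET /realms/demo/protocol/openid-connect/auth?client_id=app&response_type=code&redirect_uri=https%3A%2F%2Fapp.example%2Fcb&scope=openid HTTP/1.1" 302
203.0.113.9 "GET /realms/demo/protocol/openid-connect/auth?client_id=app&response_type=code&redirect_uri=https%3A%2F%2Fapp.example%2Fcb&scope=openid&prompt=login HTTP/1.1" 200
203.0.113.9 "GET /realms/demo/protocol/openid-connect/auth?client_id=app&response_type=code&redirect_uri=https%3A%2F%2Fapp.example%2Fcb&scope=openid&prompt=consent%20login HTTP/1.1" 200
203.0.113.9 "GET /realms/demo/login-actions/restart?client_id=app HTTP/1.1" 302
203.0.113.11 "GET /realms/demo/protocol/openid-connect/auth?client_id=app&response_type=code&redirect_uri=https%3A%2F%2Fapp.example%2Fcb&scope=openid&prompt=none HTTP/1.1" 302
"""

# Assumed log line layout: <ip> "<METHOD> <target> HTTP/x.y" <status>
LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

AUTH_ENDPOINT_SUFFIX = "/protocol/openid-connect/auth"
RESTART_SUFFIX = "/login-actions/restart"  # assumption: path behind "Restart login"


def prompt_values(target):
    """Return the set of OIDC prompt values in an authorization request.

    `target` is the request path plus query string. The prompt parameter is a
    space-delimited list, so 'consent%20login' yields {'consent', 'login'}.
    Non-authorization paths yield an empty set.
    """
    parts = urlsplit(target)
    if not parts.path.endswith(AUTH_ENDPOINT_SUFFIX):
        return set()
    values = set()
    for raw in parse_qs(parts.query).get("prompt", []):
        values.update(raw.split())
    return values


def requests_forced_login(target):
    """True when the authorization request demands re-authentication."""
    return "login" in prompt_values(target)


def find_forced_reauth_restarts(log_text):
    """Pair prompt=login authorization requests with a later login restart.

    Correlation is by client IP (a heuristic: shared NAT will cause false
    positives). Returns a sorted list of (ip, client_id) tuples.
    """
    pending = {}    # ip -> client_ids with a forced re-authentication in flight
    findings = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target = m.group("ip"), m.group("target")
        parts = urlsplit(target)
        client_id = parse_qs(parts.query).get("client_id", ["?"])[0]
        if requests_forced_login(target):
            pending.setdefault(ip, set()).add(client_id)
        elif parts.path.endswith(RESTART_SUFFIX):
            for cid in pending.pop(ip, set()):
                findings.add((ip, cid))
    return sorted(findings)


if __name__ == "__main__":
    for ip, client_id in find_forced_reauth_restarts(SAMPLE_LOG):
        print(f"forced re-auth then restart: ip={ip} client_id={client_id}")
```

On the constructed sample only 203.0.113.9 is reported: it issued prompt=login requests and then hit the restart path, while the prompt=none request from 203.0.113.11 is correctly ignored. Treat hits as leads for correlating with Keycloak's own event log for the affected user, not as proof of a takeover.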