3 matches found
Keycloak Resource Privilege Extension Vulnerability
Keycloak oauth is an OAuth-based authentication and authorization system that improves the security of secure system development. A resource privilege extension vulnerability exists in Keycloak oauth. An attacker can exploit this vulnerability to continue to enjoy privileges that have been revoke...
keycloak: resource privilege extension via access token in oauth
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself...
keycloak: resource privilege extension via access token in oauth
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself...