Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has a security vulnerability, which stems from an authentication flaw in the WebAuthn process. This flaw allows remote attackers to reissue the ExecuteActionsActionToken token, enabling them ...

SUSE CVE-2020-12692

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times...

Man-in-the-Middle (MitM)

openstack keystone is vulnerable to man-in-the-middle attack. Lack of signature TTL check to verify the timestamp in the AWS Signature V4 token signature allows an attacker to sniff an Authorization header in a man-in-the-middle attack and reuse the header to reissue openstack tokens...

DEBIAN-CVE-2020-12692

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times...

PYSEC-2020-56

An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0.0. The EC2 API doesn't have a signature TTL check for AWS Signature V4. An attacker can sniff the Authorization header, and then use it to reissue an OpenStack token an unlimited number of times...