3 matches found
Improper Certificate Validation
Overview org.apache.storm:storm-metrics-prometheus is a Distributed and fault-tolerant realtime computation Affected versions of this package are vulnerable to Improper Certificate Validation in the INSECURECONNECTIONFACTORY calls. An attacker can intercept sensitive data and credentials by...
PT-2023-5099 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: The issue is related to errors in the certificate authentication procedure. An attacker may be able to choose a certificate that will be validated by the server if the "Revalidate Client...
CVE-2023-1664
A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If...