3 matches found
User Impersonation
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to User Impersonation through the SessionCodeChecks logic in SessionCodeChecks.java. An attacker can reuse an...
Improper Validation of Syntactic Correctness of Input
Overview org.keycloak:keycloak-saml-core is an Identity and Access Management plugin for Keycloak. Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the SAMLParser and SAML11ParserUtil code paths that handle SAML 1.1 assertions and protoc...
Replay Attack
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Replay Attack through the RequiredActionFactory and required-action implementations in the authentication flo...