2 matches found
CVE-2025-12150
The Keycloak WebAuthn registration component is affected by CVE-2025-12150. An attacker can bypass the realm’s attestation policy by submitting an attestation object with fmt: "none", enabling registration of untrusted/forged authenticators and weakening authentication integrity. The issue arises de...
Missing Critical Step in Authentication
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Missing Critical Step in Authentication in the WebAuthn Attestation Statement verification. An attacker can...