Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Single Sign-On Security Vulnerabilities - 2018

cve
cve

CVE-2018-10894

It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.

5.4CVSS

5.8AI Score

0.001EPSS

2018-08-01 05:29 PM
51
cve
cve

CVE-2018-10912

keycloak before version 4.0.0.final is vulnerable to a infinite loop in session replacement. A Keycloak cluster with multiple nodes could mishandle an expired session replacement and lead to an infinite loop. A malicious authenticated user could use this flaw to achieve Denial of Service on the ser...

4.9CVSS

4.8AI Score

0.001EPSS

2018-07-23 10:29 PM
63
cve
cve

CVE-2018-14655

A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary Javascript-Code via the 'state'-parameter in the authentication URL. This allows an XSS-Attack upon succesfully login.

5.4CVSS

5.7AI Score

0.001EPSS

2018-11-13 07:29 PM
40
cve
cve

CVE-2018-14657

A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.

8.1CVSS

7.8AI Score

0.002EPSS

2018-11-13 07:29 PM
37