Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:22767
HistoryMar 24, 2020 - 2:02 a.m.

Brute-Force Attack

2020-03-2402:02:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11

EPSS

0.001

Percentile

42.6%

keycloak is vulnerable to brute-force attack. The failedLogin event is not sent to the BruteForceProtector when using Post Login Flow with Conditional-OTP, allowing an attacker to attempt multiple authentications and discover user credentials.

EPSS

0.001

Percentile

42.6%