A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NRed Hat Build Of Keycloak
APPRedhat22.0 – 22.012 (bez)Red Hat Enterprise Linux
OSRedhat7.08.09.0Red Hat Keycloak
APPRedhat< 24.0.3Red Hat OpenShift Container Platform
APPRedhat4.114.12Red Hat Openshift Container Platform For Linuxone
APPRedhat4.104.9Red Hat Openshift Container Platform For Power
APPRedhat4.104.9Red Hat Openshift Container Platform IBM Z Systems
APPRedhat4.104.9Red Hat Single Sign On
APPRedhat7.6 – 7.6.10 (bez)
Powiązane podatności
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. A...
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main...
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/...