MEDIUM🇬🇧 English

CVE-2024-4629

CVSS 6.5v3.1pub. 2024-09-03upd. 2024-11-21

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
  • Red Hat Build Of Keycloak

    APP
    Redhat
    22.0 – 22.012 (bez)
  • Red Hat Enterprise Linux

    OS
    Redhat
    7.08.09.0
  • Red Hat Keycloak

    APP
    Redhat
    < 24.0.3
  • Red Hat OpenShift Container Platform

    APP
    Redhat
    4.114.12
  • Red Hat Openshift Container Platform For Linuxone

    APP
    Redhat
    4.104.9
  • Red Hat Openshift Container Platform For Power

    APP
    Redhat
    4.104.9
  • Red Hat Openshift Container Platform IBM Z Systems

    APP
    Redhat
    4.104.9
  • Red Hat Single Sign On

    APP
    Redhat
    7.6 – 7.6.10 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2019-7609CRITICAL10.0⚠ KEVten sam produkt

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. A...

CVE-2019-1003030CRITICAL9.9⚠ KEVten sam produkt

A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main...

CVE-2019-1003029CRITICAL9.9⚠ KEVten sam produkt

A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/...