org.keycloak:keycloak-core@23.0.2 vulnerabilities

latest version

24.0.2
first published

10 years ago
latest version published

a month ago
licenses detected
- Apache-2.0
  [1.0-alpha-1,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.keycloak:keycloak-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
L Overly Restrictive Account Lockout Mechanism org.keycloak:keycloak-core is an open source identity and access management solution. Affected versions of this package are vulnerable to Overly Restrictive Account Lockout Mechanism due to a flaw in the account lockout mechanism. This issue may allow a remote unauthenticated attacker to prevent legitimate users from accessing their accounts by exploiting the account lockout functionality. Note: This is only exploitable if the realm is configured to use "User (Self) registration", the user registers with a username in email format, and the attacker discovers a valid email address for an account. How to fix Overly Restrictive Account Lockout Mechanism? There is no fixed version for `org.keycloak:keycloak-core`.	[0,)
L Improper Input Validation org.keycloak:keycloak-core is an open source identity and access management solution. Affected versions of this package are vulnerable to Improper Input Validation where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password. How to fix Improper Input Validation? There is no fixed version for `org.keycloak:keycloak-core`.	[0,)

Overly Restrictive Account Lockout Mechanism

org.keycloak:keycloak-core is an open source identity and access management solution.

Affected versions of this package are vulnerable to Overly Restrictive Account Lockout Mechanism due to a flaw in the account lockout mechanism. This issue may allow a remote unauthenticated attacker to prevent legitimate users from accessing their accounts by exploiting the account lockout functionality.

Note:

This is only exploitable if the realm is configured to use "User (Self) registration", the user registers with a username in email format, and the attacker discovers a valid email address for an account.

How to fix Overly Restrictive Account Lockout Mechanism?

There is no fixed version for org.keycloak:keycloak-core.

[0,)

Improper Input Validation

org.keycloak:keycloak-core is an open source identity and access management solution.

Affected versions of this package are vulnerable to Improper Input Validation where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.

How to fix Improper Input Validation?

There is no fixed version for org.keycloak:keycloak-core.

[0,)

Go back to all versions of this package

org.keycloak:keycloak-core@23.0.2 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities