Authentication Bypass Affecting keycloak-auth-utils Open this link in a new tab package, versions >=2.5.0 <3.1.0


0.0
critical
  • Attack Complexity

    Low

  • Confidentiality

    High

  • Integrity

    High

  • Availability

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    npm:keycloak-auth-utils:20170425

  • published

    31 Jan 2018

  • disclosed

    25 Apr 2017

  • credit

    Nick Shearer

Overview

keycloak-auth-utils provides grant-management utilities for keycloak.

Affected versioms of this package are vulnerable to Authentication Bypass. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.

Remediation

Upgrade keycloak-auth-utils to version 3.0 or higher.