CVE-2021-3424

CVSS v3.1 5.3 (Medium)

CVSS v2.0 5 (Medium)

EPSS 0.08 % (36^th)

Affected Products 1

Advisories 1

A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges.

Weaknesses

CWE-287: Improper Authentication
CWE-NVD-Other

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2021-06-01 19:15:07
(3 years ago)
Updated Date: 2022-04-25 19:49:27
(2 years ago)

Affected Products

Redhat

Single Sign-on

Configuration #1

		CPE23	From	Up To
	Redhat Single Sign-on 7.4	cpe:2.3:a:redhat:single_sign-on:7.4