1. Home
  2. Vulnerabilities
  3. CVE-2023-3597

CVE-2023-3597

CVSS v3.1 5 (Medium)
50% Progress
EPSS 0.04 % (16th)
0.04% Progress
Advisories 1
NVD Status Awaiting Analysis
Info CVSS EPSS CAPEC References Security Advisories Packages & Software Graph Web & Social Timeline

A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.

Weaknesses
CWE-287
Improper Authentication
CVE Status
PUBLISHED
NVD Status
Awaiting Analysis
CNA
Red Hat, Inc.
Published Date
2024-04-25 13:15:50
(4 months ago)
Updated Date
2024-08-07 10:15:39
(5 weeks ago)