Lucene search
RedhatCVELIST:CVE-2017-12160HistoryOct 17, 2017 - 12:00 a.m.
CVE-2017-12160
2017-10-1700:00:00
CWE-285
redhat
www.cve.org
25
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.
CNA Affected
[
{
"product": "keycloak",
"vendor": "Red Hat, Inc.",
"versions": [
{
"status": "affected",
"version": "3.4.0"
}
]
}
]Related
osv
osv
Keycloak Oauth Implementation Error
2022-05-13 01:23:16
cve
cve
CVE-2017-12160
2017-10-26 17:29:00
github
github
Keycloak Oauth Implementation Error
2022-05-13 01:23:16
veracode
veracode
Reusable Refresh Tokens
2017-10-27 02:26:01
prion
prion
Authentication flaw
2017-10-26 17:29:00
nvd
nvd
CVE-2017-12160
2017-10-26 17:29:00
redhatcve
redhatcve
CVE-2017-12160
2017-10-17 19:49:33
nessus
nessus
RHEL 6 : rh-sso7-keycloak (RHSA-2017:2904)
2017-10-19 00:00:00
RHEL 7 : rh-sso7-keycloak (RHSA-2017:2905)
2017-10-19 00:00:00
redhat
redhat
(RHSA-2017:2904) Moderate: rh-sso7-keycloak security update
2017-10-17 19:40:36
(RHSA-2017:2906) Moderate: Red Hat Single Sign-On security update
2017-10-17 19:41:35
(RHSA-2017:2905) Moderate: rh-sso7-keycloak security update
2017-10-17 19:40:56