cvelist | Redhat | CVELIST:CVE-2021-3632
Aug 26, 2022 - 3:25 p.m.

CVE-2021-3632

2022-08-26 15:25:41
CWE-287
redhat
www.cve.org
keycloak
flaw
unauthorized registration
webauthn

EPSS: 0.003 (Low)
Percentile: 65.3%

A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.

CNA Affected

[
  {
    "product": "keycloak",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Fixed in v15.1.0"
      }
    ]
  }
]
