Lucene search
HistoryAug 26, 2022 - 4:15 p.m.
CVE-2021-3632
keycloak
unauthorized registration
webauthn
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
65.3%
A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
Affected configurations
Node
redhatkeycloakRange<15.1.0
ORredhatsingle_sign-onMatch7.0
Node
redhatsingle_sign-onRange7.4–7.4.9
redhatenterprise_linuxMatch6.0
ORredhatenterprise_linuxMatch7.0
ORredhatenterprise_linuxMatch8.0
Related
redhatcve
redhatcve
CVE-2021-3632
2021-07-01 17:22:49
prion
prion
Design/Logic Flaw
2022-08-26 16:15:00
cvelist
cvelist
CVE-2021-3632
2022-08-26 15:25:41
osv
osv
Keycloak allows anyone to register new security device or key for any user by using WebAuthn password-less login flow
2022-08-27 00:00:45
CVE-2021-3632
2022-08-26 16:15:09
veracode
veracode
Insecure Login
2021-09-18 23:28:56
github
github
cve
cve
CVE-2021-3632
2022-08-26 16:15:09
redhat
redhat
nessus
nessus
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
65.3%
Related for NVD:CVE-2021-3632