Lucene search
PRIOn knowledge basePRION:CVE-2017-12160HistoryOct 26, 2017 - 5:29 p.m.
Authentication flaw
2017-10-2617:29:00
PRIOn knowledge base
www.prio-n.com
7
It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.
Related
cve
cve
CVE-2017-12160
2017-10-26 17:29:00
osv
osv
Keycloak Oauth Implementation Error
2022-05-13 01:23:16
github
github
Keycloak Oauth Implementation Error
2022-05-13 01:23:16
cvelist
cvelist
CVE-2017-12160
2017-10-17 00:00:00
redhatcve
redhatcve
CVE-2017-12160
2017-10-17 19:49:33
nvd
nvd
CVE-2017-12160
2017-10-26 17:29:00
veracode
veracode
Reusable Refresh Tokens
2017-10-27 02:26:01
nessus
nessus
RHEL 6 : rh-sso7-keycloak (RHSA-2017:2904)
2017-10-19 00:00:00
RHEL 7 : rh-sso7-keycloak (RHSA-2017:2905)
2017-10-19 00:00:00
redhat
redhat
(RHSA-2017:2904) Moderate: rh-sso7-keycloak security update
2017-10-17 19:40:36
(RHSA-2017:2906) Moderate: Red Hat Single Sign-On security update
2017-10-17 19:41:35
(RHSA-2017:2905) Moderate: rh-sso7-keycloak security update
2017-10-17 19:40:56