Lucene search

PRIOn knowledge basePRION:CVE-2021-3632

HistoryAug 26, 2022 - 4:15 p.m.

Design/Logic Flaw

2022-08-2616:15:00

PRIOn knowledge base

www.prio-n.com

keycloak

flaw

security device registration

webauthn

vulnerability

7.3 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.3%

JSON

A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.

CPENameOperatorVersion
keycloaklt15.1.0
single_sign-oneq7.0
single_sign-onge7.4
single_sign-onlt7.4.9

Name	Operator	Version
keycloak	lt	15.1.0
single_sign-on	eq	7.0
single_sign-on	ge	7.4
single_sign-on	lt	7.4.9

References

access.redhat.com/security/cve/CVE-2021-3632

bugzilla.redhat.com/show_bug.cgi?id=1978196

github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4

github.com/keycloak/keycloak/pull/8203

issues.redhat.com/browse/KEYCLOAK-18500