Lucene search
Veracode Vulnerability DatabaseVERACODE:5342HistoryOct 27, 2017 - 2:26 a.m.
Reusable Refresh Tokens
2017-10-2702:26:01
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
EPSS
0.002
Percentile
54.2%
Keycloak services has resuable refresh tokens. If an attacker using a pre-compromised system creates a refresh token pair, this token can be used indefinitely regardless of permission revocation.
Related
osv
osv
Keycloak Oauth Implementation Error
2022-05-13 01:23:16
cve
cve
CVE-2017-12160
2017-10-26 17:29:00
github
github
Keycloak Oauth Implementation Error
2022-05-13 01:23:16
redhatcve
redhatcve
CVE-2017-12160
2017-10-17 19:49:33
cvelist
cvelist
CVE-2017-12160
2017-10-17 00:00:00
prion
prion
Authentication flaw
2017-10-26 17:29:00
nvd
nvd
CVE-2017-12160
2017-10-26 17:29:00
nessus
nessus
RHEL 6 : rh-sso7-keycloak (RHSA-2017:2904)
2017-10-19 00:00:00
RHEL 7 : rh-sso7-keycloak (RHSA-2017:2905)
2017-10-19 00:00:00
redhat
redhat
(RHSA-2017:2904) Moderate: rh-sso7-keycloak security update
2017-10-17 19:40:36
(RHSA-2017:2906) Moderate: Red Hat Single Sign-On security update
2017-10-17 19:41:35
(RHSA-2017:2905) Moderate: rh-sso7-keycloak security update
2017-10-17 19:40:56