Authentication Bypass
Affecting keycloak-auth-utils package, versions >=2.5.0 <3.1.0
Overview
keycloak-auth-utils provides grant-management utilities for keycloak.
Affected versions of this package are vulnerable to Authentication Bypass. An attacker could use this flaw to bypass authentication and gain access to restricted information, or possibly to conduct further attacks.
Remediation
Upgrade keycloak-auth-utils to version 3.0 or higher.
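Because the advisory gives only a version range, the practical check is to confirm that no copy of the package, direct or transitive, falls inside that range before and after the upgrade. The following is an added example, not code from the Snyk advisory or from the keycloak-auth-utils project: it walks a package-lock.json style dependency tree and reports every copy of keycloak-auth-utils in the advisory's range >=2.5.0 <3.1.0. The lockfile fragment is constructed for illustration, and the minimal version parser (which ignores prerelease and build suffixes) is an assumption standing in for a real semver library.

```javascript
// Added example, not from the Snyk advisory or the keycloak-auth-utils project:
// flag every copy of keycloak-auth-utils in a package-lock.json dependency tree
// whose version falls in the advisory's affected range (>=2.5.0 <3.1.0).
// No external semver library is used; prerelease/build suffixes are ignored
// (an assumption: "2.5.0-beta.1" is treated as 2.5.0).

const AFFECTED = { name: 'keycloak-auth-utils', min: '2.5.0', maxExclusive: '3.1.0' };

// Parse "major.minor.patch" (optional leading "v", optional -prerelease/+build) into numbers.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/.exec(String(v).trim());
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Comparator returning -1, 0 or 1, comparing numerically field by field
// (so 1.10.0 sorts after 1.9.0, unlike a plain string comparison).
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// True when min <= version < maxExclusive, i.e. inside the advisory's range.
function isAffected(version, range = AFFECTED) {
  return compareVersions(version, range.min) >= 0 &&
         compareVersions(version, range.maxExclusive) < 0;
}

// Walk a lockfile-v1 style "dependencies" object, recursing into nested
// dependencies, and return the path of every affected copy. Transitive copies
// matter: a vulnerable version pulled in by another package is still loaded.
function findAffected(lockNode, range = AFFECTED, path = [], out = []) {
  for (const [name, info] of Object.entries(lockNode.dependencies || {})) {
    const here = [...path, `${name}@${info.version}`];
    if (name === range.name && isAffected(info.version, range)) {
      out.push(here.join(' > '));
    }
    if (info.dependencies) findAffected(info, range, here, out);
  }
  return out;
}

// Constructed sample lockfile fragment (not a real project): one direct copy in
// range, one transitive copy in range, and one transitive copy just past it.
const sampleLock = {
  name: 'example-app',
  dependencies: {
    'keycloak-auth-utils': { version: '2.5.4' },
    'some-middleware': {
      version: '1.0.0',
      dependencies: { 'keycloak-auth-utils': { version: '3.0.0' } },
    },
    'other-lib': {
      version: '1.2.3',
      dependencies: { 'keycloak-auth-utils': { version: '3.1.0' } },
    },
  },
};

// Human-readable summary for a CI step; returns the text rather than only printing it.
function report(lock = sampleLock) {
  const hits = findAffected(lock);
  if (hits.length === 0) return 'no affected copies of keycloak-auth-utils found';
  return ['affected copies of keycloak-auth-utils (CVE-2017-7474):',
          ...hits.map(h => '  ' + h)].join('\n');
}

console.log(report());
```

Run it against the real lockfile by replacing `sampleLock` with `JSON.parse(fs.readFileSync('package-lock.json'))`; a non-empty result means the upgrade has not reached every copy, which is the usual way a "fixed" direct dependency still leaves a vulnerable transitive one in `node_modules`.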
References
CVSS Score: 9.8 (high severity)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: High
- Availability: High
- Credit: Nick Shearer
- CVE: CVE-2017-7474
- CWE: CWE-287
- Snyk ID: npm:keycloak-auth-utils:20170425
- Disclosed: 25 Apr, 2017
- Published: 31 Jan, 2018