CVE-2016-8609
3.7
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Summary
It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | keycloak | 2.3.0 | affected |
Weaknesses
- CWE-384: CWE-384
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8609
- http://rhn.redhat.com/errata/RHSA-2016-2945.html
- http://www.securitytracker.com/id/1037460
- http://www.securityfocus.com/bid/95070
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8609
- http://rhn.redhat.com/errata/RHSA-2016-2945.html
- http://www.securitytracker.com/id/1037460
- http://www.securityfocus.com/bid/95070
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.