CVE-2017-7474

Summary

It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.

Affected Software

VendorProductVersion RangeStatus
Red Hat, Inc.Keycloak Node.js adapter2.5 - 3.0affected

Weaknesses

  • CWE-253: CWE-253

ADP Enrichment

CVE Program Container

Additional References

References