CVE-2018-10894

Summary

It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.

Affected Software

VendorProductVersion RangeStatus
Red Hatkeycloak3.4.3.Finalaffected

Weaknesses

  • CWE-345: CWE-345

ADP Enrichment

CVE Program Container

Additional References

References