CVE-2020-1744
5.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | keycloak | all keycloak versions prior to 9.0.1 | affected |
Weaknesses
- CWE-755: CWE-755
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744
- https://access.redhat.com/security/cve/CVE-2020-1744
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744
- https://access.redhat.com/security/cve/CVE-2020-1744
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.