CVE-2021-3513

Summary

A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.

Affected Software

VendorProductVersion RangeStatus
n/akeycloakFixed in keycloak v13.0.0.affected

Weaknesses

  • CWE-522: CWE-522 - Insufficiently Protected Credentials

ADP Enrichment

CVE Program Container

Additional References

References