CVE-2021-3424

Keycloak is vulnerable to IDN homograph attack in maven/org.keycloak/keycloak-services

Identifiers

GHSA-pf38-cw3p-22q9, CVE-2021-3424

Package Slug

maven/org.keycloak/keycloak-services

Vulnerability

Keycloak is vulnerable to IDN homograph attack

Description

A flaw was found in Keycloak as shipped in Red Hat Single Sign-On 7.4 that makes IDN homograph attacks possible. A malicious user can register an account whose username is visually indistinguishable from one that is already registered (a homograph, for example Cyrillic letters substituted for their Latin look-alikes) and then trick an administrator into granting that look-alike account privileges intended for the legitimate user.
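The following is an added example, not Keycloak's code and not the fix shipped in 18.0.0. It shows what a homograph username collision looks like and one server-side check that would reject it: a mixed-script test plus a simplified "skeleton" comparison (NFKC normalisation, case folding and a small, constructed table of Cyrillic/Greek look-alikes) against existing usernames. The sample usernames and the confusable table are constructed for illustration; a production check would use the full Unicode confusables data.

```python
import unicodedata

# Constructed samples: the second spells "admin" with Cyrillic a (U+0430) in the first position.
EXISTING_USER = "admin"
LOOKALIKE_USER = "\u0430dmin"

# Constructed, deliberately small look-alike table (Cyrillic/Greek -> Latin).
# Real deployments should use the Unicode confusables.txt data instead.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u03b1": "a", "\u03bf": "o",
}


def script_of(ch):
    """Coarse script classification derived from the Unicode character name."""
    name = unicodedata.name(ch, "")
    for script in ("CYRILLIC", "GREEK", "ARMENIAN", "LATIN"):
        if name.startswith(script):
            return script
    if ch.isascii() and (ch.isdigit() or ch in "._-"):
        return "COMMON"  # digits and separators may appear with any script
    return "OTHER"


def mixed_script(username):
    """True when letters from more than one script are mixed, e.g. Latin + Cyrillic."""
    scripts = {script_of(c) for c in username} - {"COMMON"}
    return len(scripts) > 1


def skeleton(username):
    """Canonical form for comparison: NFKC (folds ligatures like U+FB01 'fi'),
    case fold, then map known look-alikes to their Latin counterparts."""
    folded = unicodedata.normalize("NFKC", username).casefold()
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)


def check_registration(new_username, existing_usernames):
    """Return the list of reasons a registration should be refused (empty if acceptable)."""
    reasons = []
    if mixed_script(new_username):
        reasons.append("mixed-script")
    skel = skeleton(new_username)
    for existing in existing_usernames:
        if existing != new_username and skeleton(existing) == skel:
            reasons.append(f"confusable with existing user {existing!r}")
    return reasons


if __name__ == "__main__":
    # The two names render identically but are different strings.
    print(EXISTING_USER == LOOKALIKE_USER, [hex(ord(c)) for c in LOOKALIKE_USER[:1]])
    print(check_registration(LOOKALIKE_USER, [EXISTING_USER]))
    # An all-Cyrillic name passes the mixed-script test but still collides on skeleton,
    # which is why the script check alone is not sufficient.
    print(check_registration("\u0441\u043e\u0440", ["cop"]))
```

Both checks are needed: a single substituted letter trips the mixed-script rule, while a username written entirely in Cyrillic look-alikes (such as "сор" for "cop") is single-script and is only caught by the skeleton comparison. Keycloak 18.0.0 and later should be used rather than relying on an external filter like this one.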

Affected Versions

All versions before 18.0.0

Solution

Upgrade to version 18.0.0 or above.

Last Modified

2022-05-01
