CVE-2020-1744: Improper Handling of Exceptional Conditions

September 20, 2021

A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.

References

access.redhat.com/security/cve/CVE-2020-1744
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744
github.com/advisories/GHSA-4gf2-xv97-63m2
nvd.nist.gov/vuln/detail/CVE-2020-1744

Detect and mitigate CVE-2020-1744 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →