CVE-2021-3424: Keycloak is vulnerable to IDN homograph attack

April 28, 2022

A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges.

References

bugzilla.redhat.com/show_bug.cgi?id=1933320
github.com/advisories/GHSA-pf38-cw3p-22q9
nvd.nist.gov/vuln/detail/CVE-2021-3424

Detect and mitigate CVE-2021-3424 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →