Improper Authentication in org.keycloak:keycloak-core

GHSA-95m6-mjh3-58gm · CVE-2016-8609

Published Oct 18, 2018 · Modified Nov 8, 2023

Description

It was found that the keycloak before 2.3.0 did not implement authentication flow correctly. An attacker could use this flaw to construct a phishing URL, from which he could hijack the user's session. This could lead to information disclosure, or permit further possible attacks.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2016-8609
ADVISORY https://github.com/advisories/GHSA-95m6-mjh3-58gm

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes