Keycloak is vulnerable to IDN homograph attack

GHSA-mwm4-5qwr-g9pf

Published Apr 28, 2022 · Modified Nov 28, 2024

Description

A flaw was found in keycloak, where IDN homograph attacks are possible. This flaw allows a malicious user to register a name that already exists and then tricking an admin to grant extra privileges. The highest threat from this vulnerability is to integrity.

References

WEB https://github.com/keycloak/keycloak/security/advisories/GHSA-mwm4-5qwr-g9pf
WEB https://github.com/keycloak/keycloak/commit/ac79fd0c23c6947a04073afc61e30d341498438e
PACKAGE https://github.com/keycloak/keycloak

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes