CVE-2018-14657

Description

A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

Red Hat / keycloak4.2.1.Final, 4.3.0.Final – 4.2.1.Final, 4.3.0.Final

References

VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2018:3592
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2018:3593
VENDOR_ADVISORYhttps://access.redhat.com/errata/RHSA-2018:3595
MISChttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657