Skip to content

Keycloak is vulnerable to IDN homograph attack

Low severity GitHub Reviewed Published Apr 25, 2022 in keycloak/keycloak • Updated Jan 7, 2023

Package

maven org.keycloak:keycloak-services (Maven)

Affected versions

< 18.0.0

Patched versions

18.0.0

Description

A flaw was found in keycloak, where IDN homograph attacks are possible. This flaw allows a malicious user to register a name that already exists and then tricking an admin to grant extra privileges. The highest threat from this vulnerability is to integrity.

References

@abstractj abstractj published to keycloak/keycloak Apr 25, 2022
Published to the GitHub Advisory Database Apr 28, 2022
Reviewed Apr 28, 2022
Last updated Jan 7, 2023

Severity

Low

Weaknesses

CVE ID

No known CVE

GHSA ID

GHSA-mwm4-5qwr-g9pf

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.