Alexander Schwartz

**Name of the Vulnerable Software and Affected Versions** Keycloak (affected versions not specified) **Description** A logic flaw exists in Keycloak’s session management. The software does not immediately enforce the disabling of the "Remember Me" realm setting on existing user sessions. Sessions created while "Remember Me" was active maintain their extended session lifetime until they expire, bypassing the administrator’s recent security configuration change. This flaw stems from the session expiration logic relying on the session-local "remember-me" flag without verifying the current realm-level configuration. This increases the potential for session hijacking or unauthorized long-term access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** quarkus-core (affected versions not specified) **Description** A vulnerability was found in the implementation of the TLS protocol in the Quarkus Java framework. This issue is related to the insufficient reliability of encryption when using the quarkus.http.ssl.protocols configuration. The vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, allowing a client to force the selection of a weaker supported TLS protocol. This could potentially allow a remote attacker to gain unauthorized access to protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.