PT-2018-10165 · Red Hat · Keycloak

Chess Hazlett

·

Published

2018-08-01

·

Updated

2022-05-13

·

CVE-2018-10894

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Keycloak version 3.4.3.Final

Description

The issue concerns SAML authentication in Keycloak. When validating the signature on a SAML message, Keycloak does not check the validity period of the signing certificate, so a message signed with an expired certificate is accepted as authentic. A signing key whose certificate has expired (for example one retired after exposure rather than revoked) therefore still authenticates, which could allow a malicious user to access unauthorized data or conduct further attacks.

Recommendations

For Keycloak version 3.4.3.Final, update to a newer version that contains a fix for this issue, so that the validity period of the signing certificate is checked and messages signed with expired certificates are rejected.
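The following is an added example, not code from the advisory or from Keycloak itself. It shows the weakness class in miniature: a verifier that checks a signature against the certificate's public key but ignores the certificate's notBefore/notAfter window, next to a hardened verifier that enforces the window first. The IdP key, self-signed certificate, assertion bytes and reference time are all constructed here; Keycloak's real XML-DSig canonicalisation is replaced by a plain RSA-SHA256 signature over the assertion bytes.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Outcome records whether each verifier accepted a given signed assertion.
type Outcome struct {
	WeakAccepts         bool // signature checked, certificate validity period ignored
	StrictAccepts       bool // signature checked and validity period enforced
	WeakAcceptsTampered bool // sanity check: the weak verifier must still reject a modified assertion
}

// newSigningCert builds a hypothetical IdP signing key and self-signed certificate
// valid over [notBefore, notAfter]. Constructed test material, not a real IdP.
func newSigningCert(notBefore, notAfter time.Time) (*rsa.PrivateKey, *x509.Certificate, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "idp.example.test"},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return key, cert, err
}

// signAssertion stands in for the IdP's XML-DSig step: RSA-SHA256 (PKCS#1 v1.5)
// over the assertion bytes. XML canonicalisation is deliberately omitted here.
func signAssertion(key *rsa.PrivateKey, assertion []byte) ([]byte, error) {
	digest := sha256.Sum256(assertion)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
}

// verifyWeak reproduces the weakness class: the signature is verified against the
// certificate's public key, but the certificate's validity period is never consulted.
func verifyWeak(cert *x509.Certificate, assertion, sig []byte) error {
	return cert.CheckSignature(x509.SHA256WithRSA, assertion, sig)
}

// verifyStrict is the hardened form: refuse any certificate outside its validity
// window at verification time, then perform the same signature check.
func verifyStrict(cert *x509.Certificate, assertion, sig []byte, now time.Time) error {
	if now.Before(cert.NotBefore) {
		return errors.New("signing certificate not yet valid")
	}
	if now.After(cert.NotAfter) {
		return errors.New("signing certificate expired")
	}
	return cert.CheckSignature(x509.SHA256WithRSA, assertion, sig)
}

// Evaluate signs a constructed assertion with a certificate whose validity window is
// offset from a fixed reference time and runs both verifiers at that reference time.
func Evaluate(notBeforeOffset, notAfterOffset time.Duration) (Outcome, error) {
	ref := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC) // fixed so results do not depend on the wall clock
	key, cert, err := newSigningCert(ref.Add(notBeforeOffset), ref.Add(notAfterOffset))
	if err != nil {
		return Outcome{}, err
	}
	assertion := []byte(`<saml:Assertion ID="_constructed-example">admin@example.test</saml:Assertion>`)
	sig, err := signAssertion(key, assertion)
	if err != nil {
		return Outcome{}, err
	}
	tampered := append([]byte{}, assertion...)
	tampered[len(tampered)-1] ^= 0x01 // flip one bit so the signature no longer matches
	return Outcome{
		WeakAccepts:         verifyWeak(cert, assertion, sig) == nil,
		StrictAccepts:       verifyStrict(cert, assertion, sig, ref) == nil,
		WeakAcceptsTampered: verifyWeak(cert, tampered, sig) == nil,
	}, nil
}

func main() {
	expired, err := Evaluate(-48*time.Hour, -24*time.Hour) // window closed a day before the reference time
	if err != nil {
		panic(err)
	}
	current, err := Evaluate(-24*time.Hour, 24*time.Hour) // window still open at the reference time
	if err != nil {
		panic(err)
	}
	fmt.Printf("expired cert: weak accepts=%v strict accepts=%v\n", expired.WeakAccepts, expired.StrictAccepts)
	fmt.Printf("current cert: weak accepts=%v strict accepts=%v\n", current.WeakAccepts, current.StrictAccepts)
}
```

The point of the pair is that both verifiers perform a genuine signature check (the tampered assertion is rejected by both), so a test suite that only exercises "bad signature is rejected" never notices the missing validity-period check. In a real SAML service provider the check belongs wherever the signing certificate is resolved, whether it is pinned in the IdP metadata or carried in the message's KeyInfo, and should be done with the same clock-skew tolerance applied to the assertion's own Conditions.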

Fix

Weakness Enumeration

Improper Certificate Validation (CWE-295)

Insufficient Verification of Data Authenticity (CWE-345)

Related Identifiers

CVE-2018-10894
GHSA-XVV8-8WH9-9FH2
RHSA-2018:3592
RHSA-2018:3593

Affected Products

Keycloak