PT-2021-20407 · Red Hat · Red Hat Single Sign-On+1

Kristian Klausen

Published

2021-06-01

Updated

2022-04-28

CVE-2021-3424

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Red Hat Single Sign-On version 7.4

Description: A flaw was found in the software where IDN homograph attacks are possible, allowing a malicious user to register with a name already registered and potentially trick an administrator into granting extra privileges.

Recommendations: For Red Hat Single Sign-On version 7.4, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2021-3424

GHSA-PF38-CW3P-22Q9

RHSA-2021:2063

RHSA-2021:2064

RHSA-2021:2065

Affected Products

Keycloak

Red Hat Single Sign-On

PT-2021-20407 · Red Hat · Red Hat Single Sign-On+1

CVE-2021-3424

Weakness Enumeration

Related Identifiers

Affected Products

References · 6