Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-vhvq-jh34-3fc8: Keycloak allows impersonation and lockout due to email trust not being handled correctly

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.

ghsa
#git

Keycloak allows impersonation and lockout due to email trust not being handled correctly

Moderate severity GitHub Reviewed Published Jan 13, 2023 • Updated Jan 13, 2023

Related news

GHSA-c7xw-p58w-h6fj: Keycloak: Impersonation and lockout possible through incorrect handling of email trust

Impersonation and lockout are possible due to email trust not being handled correctly in Keycloak. Since the verified state is not reset when the email changes, it is possible for users to shadow others with the same email and lock out or impersonate them.

CVE-2023-0105: Red Hat Customer Portal - Access to 24x7 support and knowledge

A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.

ghsa: Latest News

GHSA-hqmp-g7ph-x543: TunnelVision - decloaking VPNs using DHCP