Vulnerability Details CVE-2018-14657
A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.8%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 4.3
References
- https://access.redhat.com/errata/RHSA-2018:3592
- https://access.redhat.com/errata/RHSA-2018:3593
- https://access.redhat.com/errata/RHSA-2018:3595
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657
- https://access.redhat.com/errata/RHSA-2018:3592
- https://access.redhat.com/errata/RHSA-2018:3593
- https://access.redhat.com/errata/RHSA-2018:3595
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14657
Products affected by CVE-2018-14657
-
cpe:2.3:a:redhat:keycloak:4.2.1
-
cpe:2.3:a:redhat:keycloak:4.3.0
-
cpe:2.3:a:redhat:single_sign-on:-
-
cpe:2.3:a:redhat:single_sign-on:7.2
-
cpe:2.3:o:redhat:linux:6.0
-
cpe:2.3:o:redhat:linux:7.0