SAML authentication in Keycloak 3.4.3.Final incorrectly accepted expired certificates: the signature on a SAML message was verified against the embedded signing certificate without checking that the certificate was still within its validity period. A malicious user in possession of an expired certificate and its private key could use this to access unauthorized data or possibly conduct further attacks.
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
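The missing check described above, as an added Go example that is not Keycloak's or Red Hat's code: a self-signed "IdP" certificate is generated with an already-expired validity window and used to sign a constructed payload standing in for a SAML assertion. `verifyVulnerable` accepts it because it only checks the signature; `verifyFixed` rejects it because it also checks NotBefore/NotAfter against the current time. All type and function names are this example's own, and the self-signed certificate is trusted directly for illustration (a real service provider must also match it against the configured IdP certificate).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// SignedAssertion is a constructed stand-in for a signed SAML message: the
// signed bytes, the raw signature value and the DER certificate an IdP
// embeds in <ds:KeyInfo>. Illustrative type, not a Keycloak API.
type SignedAssertion struct {
	Payload   []byte
	Signature []byte
	CertDER   []byte
}

// makeSignedAssertion builds a self-signed "IdP" certificate with the given
// validity window and signs payload with its key (ECDSA P-256 over SHA-256).
// Hypothetical helper that only produces test material offline.
func makeSignedAssertion(payload []byte, notBefore, notAfter time.Time) (*SignedAssertion, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "idp.example.test"},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return nil, err
	}
	return &SignedAssertion{Payload: payload, Signature: sig, CertDER: der}, nil
}

// checkSignature verifies the signature with the key in the embedded
// certificate and returns the parsed certificate for further checks.
func checkSignature(a *SignedAssertion) (*x509.Certificate, error) {
	cert, err := x509.ParseCertificate(a.CertDER)
	if err != nil {
		return nil, fmt.Errorf("parse signing certificate: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return nil, errors.New("unexpected key type in signing certificate")
	}
	digest := sha256.Sum256(a.Payload)
	if !ecdsa.VerifyASN1(pub, digest[:], a.Signature) {
		return nil, errors.New("signature does not verify")
	}
	return cert, nil
}

// verifyVulnerable mirrors the reported flaw: the signature is checked, but
// the certificate's validity period is never consulted, so a signature made
// with an expired key is accepted.
func verifyVulnerable(a *SignedAssertion) error {
	_, err := checkSignature(a)
	return err
}

// verifyFixed does the same signature check and then rejects any signing
// certificate that is not valid at time now. This is the equivalent of
// Java's X509Certificate.checkValidity(), which a SAML key selector must call.
func verifyFixed(a *SignedAssertion, now time.Time) error {
	cert, err := checkSignature(a)
	if err != nil {
		return err
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return fmt.Errorf("signing certificate %q not valid at %s (valid %s to %s)",
			cert.Subject.CommonName, now.UTC().Format(time.RFC3339),
			cert.NotBefore.UTC().Format(time.RFC3339), cert.NotAfter.UTC().Format(time.RFC3339))
	}
	return nil
}

func main() {
	now := time.Now()
	payload := []byte("<saml:Assertion>constructed sample</saml:Assertion>")
	// Certificate that expired a year ago, signing a fresh message.
	expired, err := makeSignedAssertion(payload, now.AddDate(-2, 0, 0), now.AddDate(-1, 0, 0))
	if err != nil {
		panic(err)
	}
	fmt.Println("vulnerable verifier:", verifyVulnerable(expired)) // <nil>: accepted
	fmt.Println("fixed verifier:", verifyFixed(expired, now))      // error: rejected
}
```

The validity check belongs wherever the public key is selected for XML signature verification, not only in a separate certificate-path routine: the signature in this example is mathematically valid, so only the NotBefore/NotAfter comparison tells the two verifiers apart.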
Name | Vendor | Start Version | End Version |
---|---|---|---|
Keycloak | Red Hat | 3.4.3 (including) | 3.4.3 (including) |
Red Hat Single Sign-On 7.2.5 zip | Red Hat | server | * |
Red Hat Single Sign-On 7.2 for RHEL 6 | Red Hat | rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el6 | * |
Red Hat Single Sign-On 7.2 for RHEL 7 | Red Hat | rh-sso7-keycloak-0:3.4.14-1.Final_redhat_00001.1.jbcs.el7 | * |
Text-Only RHOAR | Red Hat | * | |