CVE Vulnerabilities

CVE-2023-6787

Improper Authentication

Published: Apr 25, 2024 | Modified: Jun 30, 2025
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Ubuntu

A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter prompt=login, prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting Restart login, an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Build_of_keycloak Redhat - (including) - (including)
Keycloak Redhat * 22.0.10 (excluding)
Keycloak Redhat 23.0.0 (including) 24.0.3 (excluding)
Red Hat build of Keycloak 22 RedHat rhbk/keycloak-operator-bundle:22.0.10-1 *
Red Hat build of Keycloak 22 RedHat rhbk/keycloak-rhel9:22-13 *
Red Hat build of Keycloak 22 RedHat rhbk/keycloak-rhel9-operator:22-16 *
Red Hat build of Keycloak 22.0.10 RedHat keycloak-core *

Potential Mitigations

References