Main Vulnerability Database Vulnerabilities #VU97468

#VU97468 Improper Restriction of Excessive Authentication Attempts in Keycloak - CVE-2024-4629

Published: September 18, 2024

Vulnerability identifier: #VU97468

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2024-4629

CWE-ID: CWE-307

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Keycloak

Software vendor:
Keycloak

Description

The vulnerability allows a remote attacker to perform a brute-force attack.

The vulnerability exists due to an error when handling unsuccessful login attempts. A remote attacker can initiate multiple login requests simultaneously and bypass the configured limits for failed attempts before the system locks them out.

Remediation

Install updates from vendor's website.

External links

https://bugzilla.redhat.com/show_bug.cgi?id=2276761
https://github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2

#VU97468 Improper Restriction of Excessive Authentication Attempts in Keycloak - CVE-2024-4629

Description

Remediation

External links

Please verify you're human