#VU38017 Improper Authentication in Keycloak - CVE-2017-12160

Cybersecurity Help s.r.o.

Published: 2017-10-26 | Updated: 2020-08-08

Vulnerability identifier: #VU38017

Vulnerability risk: Medium

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-12160

CWE-ID: CWE-287

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Keycloak
Server applications / Directory software, identity management

Vendor: Keycloak

Description

The vulnerability allows a remote privileged user to execute arbitrary code.

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Keycloak: All versions

External links
https://access.redhat.com/errata/RHSA-2017:2904
https://access.redhat.com/errata/RHSA-2017:2905
https://access.redhat.com/errata/RHSA-2017:2906
https://bugzilla.redhat.com/show_bug.cgi?id=1484154

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Keycloak

Red Hat Single Sign-On 7 update for rh-sso7-keycloak