CVE-2023-6484: Log Injection Flaw Discovered in Keycloak's WebAuthn Authentication Mode - Analyzing the Impact and Exploring Possible Exploits
Recently, a log injection vulnerability (CVE-2023-6484) was discovered in Keycloak's WebAuthn Authentication Mode. This vulnerability enables an attacker to inject a text string
CVE-2023-5675: Quarkus Authorization Bypass Vulnerability in JAX-RS Endpoints
Summary: Security researchers have discovered a critical authorization bypass vulnerability in Quarkus, a popular Java-based Kubernetes-native framework. The vulnerability impacts both RestEasy Classic and Reactive
CVE-2023-3597 - Keycloak Authentication Bypass Vulnerability via Client Step-Up Authentication Misvalidation
A critical security vulnerability (CVE-2023-3597) has been discovered in Keycloak, a widely-used open-source Identity and Access Management (IAM) solution. This vulnerability allows an attacker to
CVE-2023-3758: Race Condition Flaw in SSSD - GPO Policy Inconsistency and Potential Improper Authorization
In today's post, we'll discuss a recently discovered race condition flaw (CVE-2023-3758) found in the System Security Services Daemon (SSSD). This
CVE-2024-2419: Keycloak Redirect_URI Validation Flaw Potentially Leading to Access Token Theft
A new security vulnerability, CVE-2024-2419, has been identified in Keycloak's redirect_uri validation logic. This flaw allows attackers to bypass explicitly allowed hosts