Exploit for #VU72725 Authentication bypass using an alternate path or channel in Keycloak

Cybersecurity Help s.r.o.

Published: 2024-05-31

Vulnerability identifier: #VU72725

Vulnerability risk: Medium

CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2023-0264

CWE-ID: CWE-288

Exploitation vector: Network

Exploits in database: 1

May 31, 2024
- CVE-2023-0264 (A small PoC for the Keycloak vulnerability CVE-2023-0264) [Github]

Vulnerable software:
Keycloak
Server applications / Directory software, identity management

Vendor: Keycloak