Bug 1999196 (CVE-2021-3754)
Summary: | CVE-2021-3754 keycloak: allows using email as username | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Michael Kaplan <mkaplan> |
Component: | vulnerability | Assignee: | Nobody <nobody> |
Status: | NEW --- | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | akoufoud, alazarot, anstephe, avibelli, bgeorges, boliveir, chazlett, cmoulliard, dkreling, emingora, ibek, ikanello, jochrist, jpallich, jrokos, jwon, kverlaen, lthon, mnovotny, pdrozd, peholase, pgallagh, pjindal, pskopek, rguimara, rruss, sthorger |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | A flaw was found in Keycloak where an attacker is able to register with a username that is the same as the email ID of any existing user. This may cause trouble in getting the password recovery email if the user forgets the password. | ||
Bug Blocks: | 1998585, 1999637 |
Description
Michael Kaplan
2021-08-30 17:08:03 UTC