A flaw was found in Keycloak. Internationalized domain name (IDN) homograph attacks may be used to impersonate users. References: https://issues.redhat.com/browse/KEYCLOAK-17256
Acknowledgments: Name: Kristian Klausen
This issue has been addressed in the following products: Red Hat Single Sign-On 7.4 for RHEL 6 Via RHSA-2021:2063 https://access.redhat.com/errata/RHSA-2021:2063
This issue has been addressed in the following products: Red Hat Single Sign-On 7.4 for RHEL 8 Via RHSA-2021:2065 https://access.redhat.com/errata/RHSA-2021:2065
This issue has been addressed in the following products: Red Hat Single Sign-On 7.4 for RHEL 7 Via RHSA-2021:2064 https://access.redhat.com/errata/RHSA-2021:2064
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-3424
This issue has been addressed in the following products: Red Hat Single Sign-On 7.4.7 Via RHSA-2021:2070 https://access.redhat.com/errata/RHSA-2021:2070