CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2017-7474 – keycloak-connect: auth token validity check ignored
https://notcve.org/view.php?id=CVE-2017-7474
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks. Se encontró que el adaptador de Keycloak Node.js 2.5 - 3.0 no controló correctamente los símbolos no válidos. Un atacante podría utilizar esta falla para omitir la autenticación y obtener acceso a información restringida, o posiblemente llevar a cabo otros ataques. It was found that the Keycloak Node.js adapter did not handle invalid tokens correctly. • http://rhn.redhat.com/errata/RHSA-2017-1203.html https://bugzilla.redhat.com/show_bug.cgi?id=1445271 https://access.redhat.com/security/cve/CVE-2017-7474 • CWE-253: Incorrect Check of Function Return Value •