CVE-2017-7474 – keycloak-connect: auth token validity check ignored

https://notcve.org/view.php?id=CVE-2017-7474

08 May 2017 — It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks. Se encontró que el adaptador de Keycloak Node.js 2.5 - 3.0 no controló correctamente los símbolos no válidos. Un atacante podría utilizar esta falla para omitir la autenticación y obtener acceso a información restringida, o posiblemente llevar a cabo otros ataques. It was f... • http://rhn.redhat.com/errata/RHSA-2017-1203.html • CWE-253: Incorrect Check of Function Return Value •