CVE-2017-7474
keycloak-connect: auth token validity check ignored
Public Exploits: 0
Descriptions
It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
It was found that the Keycloak Node.js adapter did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.
Timeline
- 2017-04-05 CVE Reserved
- 2017-05-08 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-253: Incorrect Check of Function Return Value
References (3)
URL | Date
---|---
http://rhn.redhat.com/errata/RHSA-2017-1203.html | 2019-10-03
https://bugzilla.redhat.com/show_bug.cgi?id=1445271 | 2017-05-08
https://access.redhat.com/security/cve/CVE-2017-7474 | 2017-05-08
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Keycloak | Keycloak-nodejs-auth-utils | 2.5.0 | - | Affected
Keycloak | Keycloak-nodejs-auth-utils | 2.5.0 | cr1 | Affected
Keycloak | Keycloak-nodejs-auth-utils | 2.5.1 | - | Affected
Keycloak | Keycloak-nodejs-auth-utils | 2.5.2 | - | Affected
Keycloak | Keycloak-nodejs-auth-utils | 2.5.3 | - | Affected
Keycloak | Keycloak-nodejs-auth-utils | 2.5.4 | - | Affected
Keycloak | Keycloak-nodejs-auth-utils | 2.5.5 | - | Affected
Keycloak | Keycloak-nodejs-auth-utils | 2.5.6 | - | Affected
Keycloak | Keycloak-nodejs-auth-utils | 2.5.7 | - | Affected
Keycloak | Keycloak-nodejs-auth-utils | 3.0.0 | - | Affected
Keycloak | Keycloak-nodejs-auth-utils | 3.0.0 | cr1 | Affected