A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.
Se ha encontrado un fallo en keycloak por el que es posible realizar un ataque de fuerza bruta incluso cuando la función de bloqueo permanente está habilitada. Esto es debido a un mensaje de error que es mostrado cuando son introducidos credenciales incorrectas. La mayor amenaza de esta vulnerabilidad es la confidencialidad.
Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.9 serves as a replacement for Red Hat Single Sign-On 7.4.8, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and traversal vulnerabilities.
