High severity · NVD Advisory · Published Aug 22, 2022 · Updated Aug 3, 2024
CVE-2021-3513
Description
A flaw was found in Keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.keycloak:keycloak-parent (Maven) | < 13.0.0 | 13.0.0 |
Affected products (1)
Patches (0)
No patches discovered yet.
References (5)
- github.com/advisories/GHSA-xv7h-95r7-595j (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-3513 (ghsa, ADVISORY)
- access.redhat.com/security/cve/CVE-2021-3513 (ghsa, x_refsource_MISC, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_MISC, WEB)
- github.com/keycloak/keycloak/pull/7976 (ghsa, WEB)