Moderate severity · OSV Advisory · Published Sep 3, 2024 · Updated Mar 26, 2026
Keycloak: potential bypass of brute force protection
CVE-2024-4629
Description
A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
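As an added illustration (not Keycloak's code), the timing loophole above modelled in Python: a check-then-act limiter lets every concurrent request through when all of them read the failure counter before any has recorded a failure, whereas a limiter that counts the attempt atomically before the credential is verified holds the configured limit under any interleaving. The limiter classes, the user name and the request counts are constructed for this example.

```python
import threading

class RacyLimiter:
    """Check-then-act: admit() reads the counter and settle() increments it
    later, so concurrent requests can all pass the check before any is counted."""
    def __init__(self, max_failures):
        self.max_failures, self.failures = max_failures, {}

    def admit(self, user):
        return self.failures.get(user, 0) < self.max_failures

    def settle(self, user):  # runs only after the wrong password was verified
        self.failures[user] = self.failures.get(user, 0) + 1


class ReservingLimiter:
    """Counts the attempt under one lock *before* the credential is verified,
    so the configured limit holds for any interleaving of requests."""
    def __init__(self, max_failures):
        self.max_failures, self.failures = max_failures, {}
        self._lock = threading.Lock()

    def admit(self, user):
        with self._lock:
            n = self.failures.get(user, 0)
            if n >= self.max_failures:
                return False
            self.failures[user] = n + 1  # slot taken before the guess is checked
            return True

    def settle(self, user):  # nothing left to do: already counted in admit()
        pass


def burst(limiter, user, n_requests):
    """Fire n_requests wrong-password logins at once; return how many guesses
    the limiter let through to credential verification."""
    barrier = threading.Barrier(n_requests)
    evaluated, count_lock = [], threading.Lock()

    def attempt():
        admitted = limiter.admit(user)
        barrier.wait()  # every request has checked before any one settles
        if admitted:
            limiter.settle(user)
            with count_lock:
                evaluated.append(user)

    threads = [threading.Thread(target=attempt) for _ in range(n_requests)]
    for t in threads: t.start()
    for t in threads: t.join()
    return len(evaluated)
```

With a limit of 3 and 20 simultaneous requests, burst() reports 20 guesses evaluated for RacyLimiter but 3 for ReservingLimiter; run sequentially, both enforce 3, which is why the defect only shows up under concurrent load.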
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| org.keycloak:keycloak-services | Maven | < 22.0.12 | 22.0.12 |
| org.keycloak:keycloak-services | Maven | >= 23.0.0, < 24.0.7 | 24.0.7 |
| org.keycloak:keycloak-services | Maven | >= 25.0.0, < 25.0.4 | 25.0.4 |
Affected products
- Range: 1.0-alpha-1, 1.0-alpha-1-12062013, 1.0-alpha-2, …
References
- access.redhat.com/errata/RHSA-2024:6493 (Red Hat vendor advisory)
- access.redhat.com/errata/RHSA-2024:6494 (Red Hat vendor advisory)
- access.redhat.com/errata/RHSA-2024:6495 (Red Hat vendor advisory)
- access.redhat.com/errata/RHSA-2024:6497 (Red Hat vendor advisory)
- access.redhat.com/errata/RHSA-2024:6499 (Red Hat vendor advisory)
- access.redhat.com/errata/RHSA-2024:6500 (Red Hat vendor advisory)
- access.redhat.com/errata/RHSA-2024:6501 (Red Hat vendor advisory)
- github.com/advisories/GHSA-gc7q-jgjv-vjr2 (GitHub advisory)
- nvd.nist.gov/vuln/detail/CVE-2024-4629 (NVD advisory)
- access.redhat.com/security/cve/CVE-2024-4629 (Red Hat VDB entry)
- bugzilla.redhat.com/show_bug.cgi (Red Hat issue tracking)
- github.com/keycloak/keycloak/commit/2fb358e1a21c5387cdc11100ce3562b4dcfe5416 (upstream commit)
- github.com/keycloak/keycloak/commit/461fa631dc55b9739c9ed8c49de9f5b213955200 (upstream commit)
- github.com/keycloak/keycloak/commit/99f92ad5fff5555d53930c2d32f8be3e08c514c1 (upstream commit)
- github.com/keycloak/keycloak/commit/b25c28458a562abda2f84fc684e59cce8577e562 (upstream commit)
- github.com/keycloak/keycloak/commit/c8053dd812d9b9f05b293f901b9dc39e061ebb88 (upstream commit)
- github.com/keycloak/keycloak/commit/d78b3072ffffbff3954bf9f3181e3daf8e93c1ab (upstream commit)
- github.com/keycloak/keycloak/security/advisories/GHSA-gc7q-jgjv-vjr2 (Keycloak security advisory)