VYPR
Moderate severityOSV Advisory· Published Sep 3, 2024· Updated Mar 26, 2026

Keycloak: potential bypass of brute force protection

CVE-2024-4629

Description

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.keycloak:keycloak-servicesMaven
< 22.0.1222.0.12
org.keycloak:keycloak-servicesMaven
>= 23.0.0, < 24.0.724.0.7
org.keycloak:keycloak-servicesMaven
>= 25.0.0, < 25.0.425.0.4

Affected products

2

Patches

Vulnerability mechanics

References

18

News mentions

0

No linked articles in our index yet.