CVE-2024-4629

medium

Description

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.
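The timing loophole described above is a check-then-act race on the failed-attempt counter: each request reads the count, compares it with the limit, and only then increments it, so a burst of concurrent requests can all observe the same stale count before any of them records a failure. The simulation below is an added example, not Keycloak's own code, and shows the racy pattern beside the atomic check-and-increment that a lockout counter needs. Names (RacyLockout, AtomicLockout, MAX_FAILURES, run_burst), the user "alice" and the use of a barrier to force the worst-case interleaving deterministically are all constructed for this illustration.

```python
import threading

# Constructed policy: lock the account after this many failed attempts.
MAX_FAILURES = 3


class RacyLockout:
    """Check-then-act counter (constructed to mirror the flaw in the description).

    The read of the counter, the limit check and the increment are three
    separate steps with no mutual exclusion, so concurrent requests can all
    read the same value and all pass the check.
    """

    def __init__(self):
        self.failures = {}

    def attempt(self, user, barrier=None):
        count = self.failures.get(user, 0)          # 1. read
        if barrier is not None:
            barrier.wait()  # constructed: every request reads before any writes
        if count >= MAX_FAILURES:                   # 2. check
            return "locked"
        # The password check itself is assumed to fail (constructed).
        self.failures[user] = count + 1             # 3. increment (lost-update prone)
        return "failed"


class AtomicLockout:
    """Hardened counter: read, check and increment happen under one lock, so the
    limit is enforced no matter how many requests arrive at the same instant."""

    def __init__(self):
        self.failures = {}
        self.lock = threading.Lock()

    def attempt(self, user, barrier=None):
        if barrier is not None:
            barrier.wait()  # same burst timing as the racy version
        with self.lock:
            count = self.failures.get(user, 0)
            if count >= MAX_FAILURES:
                return "locked"
            self.failures[user] = count + 1
            return "failed"


def run_burst(store, user, n):
    """Fire n simultaneous failed logins for `user` against `store`.

    Returns (guesses_evaluated, failures_recorded): how many requests got past
    the limit check, and what the counter says afterwards.
    """
    barrier = threading.Barrier(n)
    results = [None] * n

    def worker(i):
        results[i] = store.attempt(user, barrier)

    threads = [threading.Thread(target=worker, args=(i,)) for i in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results.count("failed"), store.failures.get(user, 0)


def run_sequential(store, user, n):
    """Baseline: n failed logins one after another; returns guesses evaluated."""
    return [store.attempt(user) for _ in range(n)].count("failed")


if __name__ == "__main__":
    print("sequential, racy   :", run_sequential(RacyLockout(), "alice", 10))
    print("burst of 10, racy  :", run_burst(RacyLockout(), "alice", 10))
    print("burst of 10, atomic:", run_burst(AtomicLockout(), "alice", 10))
```

Sequentially the racy counter behaves correctly (three guesses evaluated, then "locked"), which is why this class of bug survives ordinary testing. Under a simultaneous burst it evaluates every one of the ten guesses and afterwards records only a single failure, so the account never locks; the locked version evaluates exactly MAX_FAILURES guesses and records exactly that many. The same property holds for a real deployment when the counter lives in a shared store: the check and the increment must be one atomic operation (a transactional or compare-and-swap update, or a per-user lock), and a detection rule that alerts on many failures for one account within a single second catches the burst pattern even where the counter undercounts.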

References

https://bugzilla.redhat.com/show_bug.cgi?id=2276761

https://access.redhat.com/security/cve/CVE-2024-4629

https://access.redhat.com/errata/RHSA-2024:6501

https://access.redhat.com/errata/RHSA-2024:6500

https://access.redhat.com/errata/RHSA-2024:6499

https://access.redhat.com/errata/RHSA-2024:6497

https://access.redhat.com/errata/RHSA-2024:6495

https://access.redhat.com/errata/RHSA-2024:6494

https://access.redhat.com/errata/RHSA-2024:6493

Details

Source: Mitre, NVD

Published: 2024-09-03

Updated: 2024-09-16

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity: Medium