ID CVE-2020-14302
Summary A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:-:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:1.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:1.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:2.5.10:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:2.5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:3.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:3.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:3.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:3.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:3.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:3.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:3.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:3.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:3.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:4.0.0:beta2:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:4.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:4.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:4.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:4.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:4.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:4.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:4.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:4.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:4.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:4.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:4.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:4.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:4.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:4.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:5.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:7.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:7.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:8.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:8.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:9.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:9.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:9.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:9.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:9.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:9.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:10.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:11.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:11.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:keycloak:12.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:keycloak:12.0.0:*:*:*:*:*:*:*
CVSS
Base: 4.0 (as of 18-12-2020 - 16:19)
Impact:
Exploitability:
CWE CWE-294
CAPEC
  • Man in the Middle Attack
    This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never observed. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identify between two components. MITM attacks differ from sniffing attacks since they often modify the communications prior to delivering it to the intended recipient. These attacks also differ from interception attacks since they may forward the sender's original unmodified data, after copying it, instead of keeping it for themselves.
  • Session Sidejacking
    Session sidejacking takes advantage of an unencrypted communication channel between a victim and target system. The attacker sniffs traffic on a network looking for session tokens in unencrypted traffic. Once a session token is captured, the attacker performs malicious actions by using the stolen token with the targeted application to impersonate the victim. This attack is a specific method of session hijacking, which is exploiting a valid session token to gain unauthorized access to a target system or information. Other methods to perform a session hijacking are session fixation, cross-site scripting, or compromising a user or server machine and stealing the session token.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:S/C:N/I:P/A:N
refmap via4
misc https://bugzilla.redhat.com/show_bug.cgi?id=1849584
Last major update 18-12-2020 - 16:19
Published 15-12-2020 - 20:15
Last modified 18-12-2020 - 16:19
Back to Top