CVE-2021-3424 - A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks ar

CVE-2021-3424

Summary

A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1933320

Vulnerable Configurations

cpe:2.3:a:redhat:single_sign-on:7.4:*:*:*:*:*:*:*
cpe:2.3:a:redhat:single_sign-on:7.4:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 25-04-2022 - 19:49)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:P/A:N

Last major update

25-04-2022 - 19:49

Published

01-06-2021 - 19:15

Last modified

25-04-2022 - 19:49