CVE-2020-1744

Published: Mar 24, 2020Modified: Nov 21, 2024

5.6

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Exploitability: 2.2 / Impact: 3.4

Source: NVD

Description

A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.

Affected (1)

Products: Redhat: Keycloak

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Keycloak	Before 9.0.1

Related CWEs

Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

References (4)

https://access.redhat.com/security/cve/CVE-2020-1744

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://access.redhat.com/security/cve/CVE-2020-1744

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.