CVE-2021-3513 log

Source
Severity Medium
Remote Yes
Type Information disclosure
Description
A security issue was found in keycloak before version 13.0.0 where brute force attacks are possible even when the permanent lockout feature is enabled because of the wrong error message that is displayed when wrong credentials are entered.
Group Package Affected Fixed Severity Status Ticket
AVG-1926 keycloak 12.0.4-1 13.0.0-1 High Fixed
References
https://bugzilla.redhat.com/show_bug.cgi?id=1953439
https://issues.redhat.com/browse/KEYCLOAK-17835
https://github.com/keycloak/keycloak/pull/7976
https://github.com/keycloak/keycloak/commit/315b9e3c2970145e03dfaaddc364d588c9ebf060