CVE-2021-3513

Source
Severity: Medium
Remote: Yes
Type: Information disclosure
Description
A security issue was found in Keycloak before version 13.0.0: brute-force attacks are possible even when the permanent lockout feature is enabled, because of the wrong error message that is displayed when wrong credentials are entered.
Group     Package   Affected  Fixed     Severity  Status  Ticket
AVG-1926  keycloak  12.0.4-1  13.0.0-1  High      Fixed
Date         Advisory      Group     Package   Severity  Type
19 May 2021  ASA-202105-6  AVG-1926  keycloak  High      multiple issues
References
https://bugzilla.redhat.com/show_bug.cgi?id=1953439
https://issues.redhat.com/browse/KEYCLOAK-17835
https://github.com/keycloak/keycloak/pull/7976
https://github.com/keycloak/keycloak/commit/315b9e3c2970145e03dfaaddc364d588c9ebf060