CVE-2021-3513 log

Severity Medium
Remote Yes
Type Information disclosure
A security issue was found in keycloak before version 13.0.0 where brute force attacks are possible even when the permanent lockout feature is enabled because of the wrong error message that is displayed when wrong credentials are entered.
Group Package Affected Fixed Severity Status Ticket
AVG-1926 keycloak 12.0.4-1 13.0.0-1 High Fixed
Date Advisory Group Package Severity Type
19 May 2021 ASA-202105-6 AVG-1926 keycloak High multiple issues