CVE-2021-3513 - log

CVE-2021-3513 edited at 06 May 2021 17:55:45
Description
- A security issue was found in keycloak where brute force attack is possible even when Permanent lockout feature is enabled because of the wrong error message displayed when wrong credentials entered.
+ A security issue was found in keycloak before version 13.0.0 where brute force attacks are possible even when the permanent lockout feature is enabled because of the wrong error message that is displayed when wrong credentials are entered.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1953439
https://issues.redhat.com/browse/KEYCLOAK-17835
+ https://github.com/keycloak/keycloak/pull/7976
+ https://github.com/keycloak/keycloak/commit/315b9e3c2970145e03dfaaddc364d588c9ebf060
CVE-2021-3513 edited at 27 Apr 2021 07:56:22
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ A security issue was found in keycloak where brute force attack is possible even when Permanent lockout feature is enabled because of the wrong error message displayed when wrong credentials entered.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1953439
+ https://issues.redhat.com/browse/KEYCLOAK-17835
CVE-2021-3513 created at 27 Apr 2021 07:55:23
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes