CVE-2021-3632 - log

CVE-2021-3632 edited at 07 Aug 2021 19:17:40
References
https://bugzilla.redhat.com/show_bug.cgi?id=1978196
https://issues.redhat.com/browse/KEYCLOAK-18500
https://github.com/keycloak/keycloak/pull/8203
+ https://github.com/keycloak/keycloak/commit/65480cb5a11630909c086f79d396004499fbd1e4
CVE-2021-3632 edited at 01 Jul 2021 11:27:57
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Authentication bypass
Description
+ A security issue was found in Keycloak where it is possible for anyone to register a new security device/key when there is no device already registered for any user using the WebAuthn password-less login flow.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=1978196
+ https://issues.redhat.com/browse/KEYCLOAK-18500
+ https://github.com/keycloak/keycloak/pull/8203
CVE-2021-3632 created at 01 Jul 2021 11:25:41
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes