CVE-2023-6484 - Log Injection Vulnerability in Keycloak WebAuthn Explained (with Code Example & Exploit Details)
Keycloak is an open-source software solution for identity and access management, used worldwide to secure web apps and services. In January 2024, a new flaw—
CVE-2023-5675 - Quarkus Authorization Bypass via Abstract Classes and Extensions – Exploit Explained
Summary:
CVE-2023-5675 is a significant security vulnerability that affects Java applications using Quarkus, specifically those using the RestEasy Classic or Reactive JAX-RS endpoints. If your
CVE-2023-3597 - Keycloak’s Authentication Bypass via Invalid Step-Up 2FA Registration Explained
---
Keycloak is widely used for single sign-on (SSO) and identity management solutions for both public and enterprise applications. In June 2023, a potential security
CVE-2023-3758 - Exploiting a Race Condition in SSSD GPO Policy Enforcement
In June 2023, a new security vulnerability, identified as CVE-2023-3758, was disclosed in the System Security Services Daemon (SSSD). This bug impacts how Group Policy
CVE-2024-2419 - Keycloak’s Redirect_URI Bypass, Token Theft Made Easy
Keycloak is a pretty popular open-source identity and access management tool, commonly used to handle login and single sign-on (SSO) for web applications. Security is