漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.
CVSS Information
N/A
Vulnerability Type
认证机制不恰当
Vulnerability Title
Red Hat Keycloak 授权问题漏洞
Vulnerability Description
Red Hat Keycloak是美国红帽(Red Hat)公司的一套为现代应用和服务提供身份验证和管理功能的软件。 Red Hat Keycloak 存在安全漏洞,该漏洞源于默认的 ECP 绑定流允许绕过其他身份验证流。攻击者可以通过发送带有 AuthnRequest 和 Authorization 标头以及用户凭据的 SOAP 请求来绕过 MFA 身份验证。
CVSS Information
N/A
Vulnerability Type
N/A