What the vulnerability does

01Description

It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.

Key dates

02Disclosure timeline

May 12, 2017 CVE published
August 5, 2024 Record updated