CVE-2021-3513

CVE-2021-3513

Vendor N/A
Product keycloak
Weakness CWE-522 · Insufficiently protected credentials
Published August 22, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.

Key dates

02Disclosure timeline

August 22, 2022 CVE published
August 3, 2024 Record updated