Vulnerabilities > CVE-2020-14389 - Use of Password Hash With Insufficient Computational Effort vulnerability in Redhat Keycloak

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
redhat
CWE-916

Summary

It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.

Vulnerable Configurations

Part Description Count
Application
Redhat
119