Vulnerabilities > CVE-2021-3424 - Unspecified vulnerability in Redhat Single Sign-On 7.4

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

redhat

NVD

Published: 2021-06-01

Updated: 2022-04-25

Summary

A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Single Sign ON 7.4	1

References

https://bugzilla.redhat.com/show_bug.cgi?id=1933320