CVE-2021-3461 - Insufficient Session Expiration vulnerability in Red Hat Keycloak and Single Sign-On
Attack vector: LOCAL
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: NONE
Summary
A flaw was found in Keycloak where Keycloak may fail to log out a user session if the logout request comes from an external SAML identity provider and Principal Type is set to Attribute [Name].
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |