Vulnerabilities > CVE-2021-3754 - Unspecified vulnerability in Redhat Keycloak and Single Sign-On

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

redhat

NVD

Published: 2022-08-26

Updated: 2022-09-01

Summary

A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Keycloak - Redhat Single Sign ON 7.0	2

References

https://access.redhat.com/security/cve/CVE-2021-3754
https://bugzilla.redhat.com/show_bug.cgi?id=1999196