Description

A flaw was found in Keycloak, where it does not correctly validate its client step-up authentication in org.keycloak.authentication. This flaw allows a remote user authenticated with a password to register a false second authentication factor along with an existing one and bypass authentication.

INFO

Published Date :

2024-04-25T12:20:11.606Z

Last Modified :

2025-11-11T15:57:27.827Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2023-3597 vulnerability.

Vendors Products
Redhat
  • Build Keycloak
  • Red Hat Single Sign On

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact