Keycloak DC-2024-XXXX (Critical)

2024-11-25

A critical vulnerability has been discovered in Keycloak that allows attackers to bypass mTLS (mutual TLS) client-certificate authentication and impersonate users or clients. It affects Keycloak deployments that sit behind a reverse proxy which terminates TLS connections while mTLS is enabled.

Affected Versions:

– Keycloak < 24.0.9

– Keycloak >= 25.0.0, < 26.0.6

Patched Version:

– Keycloak 26.0.6

What Undercode Says:

Keycloak, a popular open-source identity and access management solution, contains a critical vulnerability that can allow attackers to bypass mTLS authentication. This is particularly concerning for organizations that rely on Keycloak to secure their applications and services, since mTLS is often the control that ties a client's identity to a certificate.

It is highly recommended that all users of Keycloak upgrade to the latest version, 26.0.6, as soon as possible. In the meantime, organizations can mitigate the risk by disabling mTLS authentication or by ensuring that their reverse proxy passes TLS connections through to Keycloak instead of terminating them.
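The advisory does not describe how the bypass works internally, so the following is an added example (not Keycloak's code and not the flaw's exploit) of the trust boundary that makes this class of bug possible in general: when a proxy terminates TLS and forwards the client certificate to the backend in an HTTP header, the backend must only honor that header from its trusted proxy, and the proxy must always overwrite it from its own handshake. The header name, the proxy network and the certificate body are constructed placeholders.

```python
import ipaddress
from typing import Dict, Iterable, Optional

# Assumed header name for this example: the proxy forwards the client's
# certificate in it after terminating TLS. Real deployments choose their own
# header; this one is a placeholder.
CLIENT_CERT_HEADER = "x-forwarded-client-cert"

# Networks the backend trusts as its TLS-terminating proxies (constructed).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]

# Constructed placeholder; not a real certificate.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\n<constructed placeholder>\n-----END CERTIFICATE-----"


def _normalize(headers: Dict[str, str]) -> Dict[str, str]:
    """HTTP header names are case-insensitive; compare them in lowercase."""
    return {k.lower(): v for k, v in headers.items()}


def weak_client_cert(headers: Dict[str, str]) -> Optional[str]:
    """Weak pattern: accept the forwarded-certificate header from any peer.

    Any request that reaches the backend carrying this header is treated as
    mTLS-authenticated, regardless of who actually performed the handshake.
    """
    return _normalize(headers).get(CLIENT_CERT_HEADER)


def hardened_client_cert(
    headers: Dict[str, str],
    peer_ip: str,
    trusted_proxies: Iterable[ipaddress.IPv4Network] = TRUSTED_PROXIES,
) -> Optional[str]:
    """Hardened pattern: honor the header only when the TCP peer is a trusted proxy.

    Requests from any other peer are treated as having presented no client
    certificate, so the header alone never grants an identity.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in trusted_proxies):
        return None
    return _normalize(headers).get(CLIENT_CERT_HEADER)


def proxy_forward_headers(
    incoming_headers: Dict[str, str], handshake_cert: Optional[str]
) -> Dict[str, str]:
    """Proxy side: always overwrite the header from the handshake the proxy performed.

    Whatever the client sent in that header is dropped; the header is only set
    when the proxy itself verified a client certificate.
    """
    forwarded = {
        k: v for k, v in _normalize(incoming_headers).items() if k != CLIENT_CERT_HEADER
    }
    if handshake_cert is not None:
        forwarded[CLIENT_CERT_HEADER] = handshake_cert
    return forwarded


if __name__ == "__main__":
    # Constructed request carrying a client-supplied certificate header.
    injected = {"X-Forwarded-Client-Cert": SAMPLE_CERT}
    print("weak backend, unknown peer:", weak_client_cert(injected) is not None)
    print("hardened backend, unknown peer:", hardened_client_cert(injected, "203.0.113.5"))
    print("hardened backend, via proxy:", hardened_client_cert(
        proxy_forward_headers(injected, None), "10.0.0.7"))
```

Both halves are needed: the peer check alone does not help if the proxy forwards a client-supplied header unchanged, and proxy-side overwriting alone does not help if the backend is reachable without going through the proxy. Passing TLS through to Keycloak, as the advisory recommends, removes the forwarded header from the design entirely.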

This vulnerability highlights the importance of keeping software up-to-date and following security best practices. By taking these steps, organizations can help protect themselves from cyberattacks.

References:

Reported By: Github.com
Undercode AI: https://ai.undercodetesting.com
