Improper Brute Force Detection Implementation in Keycloak 4.2.1.Final and 4.3.0.Final

CVE-2018-14657 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

A flaw was found in Keycloak 4.2.1.Final and 4.3.0.Final. When TOTP is enabled, an improper implementation of the brute force detection algorithm does not enforce its protection measures.