Description
A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.
Remediation
References
https://access.redhat.com/security/cve/CVE-2021-3513
https://bugzilla.redhat.com/show_bug.cgi?id=1953439
Related Vulnerabilities
CVE-2023-49674 Vulnerability in maven package io.jenkins.plugins:neuvector-vulnerability-scanner
CVE-2018-1229 Vulnerability in maven package org.springframework.batch:spring-batch-admin
CVE-2018-14042 Vulnerability in maven package org.webjars.bower:bootstrap-sass
CVE-2020-6429 Vulnerability in npm package electron
CVE-2015-1812 Vulnerability in maven package org.jenkins-ci.main:jenkins-core