Description
A flaw was found in Keycloak: a brute force attack against a user account remains possible even when the permanent lockout feature is enabled. The cause is a wrong error message returned when incorrect credentials are entered. Because the response differs depending on whether the submitted password was correct, an attacker can keep guessing after the account has been locked and still learn which guess was right, so the lockout does not actually stop the attack. The highest threat from this vulnerability is to confidentiality.
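The following is an added illustration written for this page; it is not Keycloak's code and does not reproduce Keycloak's actual code path. It models the general failure mode the advisory describes: a login handler whose permanent lockout is enforced only after the password check, so the reply still reveals whether the guess was correct, beside a hardened variant that checks the lock state first and returns one uniform message on every failure path. The account name, password, wordlist and message strings are constructed for the demo.

```python
"""Added example: a non-uniform login error defeats permanent lockout.
Not Keycloak code; all names, passwords and messages are constructed."""
from dataclasses import dataclass
import hmac

GENERIC_ERROR = "Invalid username or password"
MAX_FAILURES = 3  # permanent lockout after this many wrong passwords


@dataclass
class Account:
    username: str
    password: str  # plaintext only for the demo; real systems compare a hash
    failures: int = 0
    locked: bool = False  # permanent lockout: stays set until an admin clears it


class FlawedLogin:
    """Lockout is applied only once the password check has passed, so the
    reply for a locked account still depends on whether the guess was right."""

    def __init__(self, accounts):
        self.accounts = {a.username: a for a in accounts}

    def login(self, username, password):
        acct = self.accounts.get(username)
        if acct is None or not hmac.compare_digest(acct.password, password):
            if acct is not None:
                acct.failures += 1
                if acct.failures >= MAX_FAILURES:
                    acct.locked = True
            return GENERIC_ERROR
        if acct.locked:
            # Distinct message: tells the attacker the password was correct.
            return "Account is disabled, contact the administrator"
        return "OK"


class HardenedLogin(FlawedLogin):
    """Lock state is checked before the password and every failure path
    returns the same message, so a locked account yields no oracle."""

    def login(self, username, password):
        acct = self.accounts.get(username)
        if acct is None:
            return GENERIC_ERROR
        if acct.locked:
            return GENERIC_ERROR  # identical whether or not the password matches
        if not hmac.compare_digest(acct.password, password):
            acct.failures += 1
            if acct.failures >= MAX_FAILURES:
                acct.locked = True
            return GENERIC_ERROR
        return "OK"


def brute_force(service, username, candidates):
    """Attacker view: submit every candidate and keep those whose reply differs
    from the generic error. Any candidate singled out is a confirmed password."""
    return [pw for pw in candidates if service.login(username, pw) != GENERIC_ERROR]


def demo():
    """Run the same wordlist against both services; the correct password is
    the fourth entry, so the account is already locked when it is tried."""
    wordlist = ["123456", "password", "letmein", "correct horse", "qwerty"]
    leaked = brute_force(FlawedLogin([Account("alice", "correct horse")]), "alice", wordlist)
    hidden = brute_force(HardenedLogin([Account("alice", "correct horse")]), "alice", wordlist)
    return leaked, hidden


if __name__ == "__main__":
    leaked, hidden = demo()
    print("flawed service singles out:", leaked)    # ['correct horse']
    print("hardened service singles out:", hidden)  # []
```

In the flawed variant the attacker's fourth guess is answered with a different message even though the account was locked after the third, which is exactly the point: the lockout blocked the login but not the password disclosure. The hardened variant trades this for a usability cost, since a legitimately locked user also sees the generic error and has to be told about the lockout through another channel (an admin notification or an audit event) rather than the login response.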
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1953439
https://access.redhat.com/security/cve/CVE-2021-3513