Description
A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1953439
https://access.redhat.com/security/cve/CVE-2021-3513
Related Vulnerabilities
CVE-2020-1717 Vulnerability in maven package org.keycloak:keycloak-parent
CVE-2023-33002 Vulnerability in maven package org.jenkins-ci.plugins:testcomplete
CVE-2022-43407 Vulnerability in maven package org.jenkins-ci.plugins:pipeline-input-step
CVE-2020-6463 Vulnerability in maven package org.webjars.npm:electron
CVE-2015-20110 Vulnerability in npm package generator-jhipster