CVE-2020-35509
23.08.2022, 16:15
A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.Enginsight
| Vendor | Product | Version |
|---|---|---|
| redhat | keycloak | 11.0.3 |
| redhat | keycloak | 12.0.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- CWE-295 - Improper Certificate ValidationThe software does not validate, or incorrectly validates, a certificate.