CVE-2024-1722

Keycloak-core: dos via account lockout

Description

A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.

Remediation

Workaround:

  • Red Hat Product Security is not aware of a way to completely mitigate this issue. However, the following techniques can be used to help prevent exploitation: - Put limits on frequency of account registration, restricting how often an attacker could utilize this attack - Restrict new account registration to not allow email addresses in the username field, for example, by not allowing the "@" symbol. Note: this cannot prevent attacks against existing users who have registered with an email address. If this vulnerability has been triggered, an administrator has two options to remedy it manually by modifying the second account (of the attacker): - Delete the account - Change the username

Category

3.7
CVSS
Severity: Low
CVSS 3.1 •
EPSS 0.24%
Affected: Red Hat Red Hat Build of Keycloak
Affected: Red Hat Red Hat Single Sign-On 7
Published at:
Updated at:

References

Link Tags
https://access.redhat.com/security/cve/CVE-2024-1722 vdb entry broken link
https://bugzilla.redhat.com/show_bug.cgi?id=2265389 issue tracking

Frequently Asked Questions

What is the severity of CVE-2024-1722?
CVE-2024-1722 has been scored as a low severity vulnerability.
How to fix CVE-2024-1722?
As a workaround for remediating CVE-2024-1722: Red Hat Product Security is not aware of a way to completely mitigate this issue. However, the following techniques can be used to help prevent exploitation: - Put limits on frequency of account registration, restricting how often an attacker could utilize this attack - Restrict new account registration to not allow email addresses in the username field, for example, by not allowing the "@" symbol. Note: this cannot prevent attacks against existing users who have registered with an email address. If this vulnerability has been triggered, an administrator has two options to remedy it manually by modifying the second account (of the attacker): - Delete the account - Change the username
Is CVE-2024-1722 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-1722 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-1722?
CVE-2024-1722 affects Red Hat Red Hat Build of Keycloak, Red Hat Red Hat Single Sign-On 7.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.