cve-2024-7318
Vulnerability from cvelistv5
Published
2024-09-09 18:50
Modified
2024-11-24 18:42
Severity ?
EPSS score ?
Summary
A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute.
A one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.
References
▼ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:6502 | Issue Tracking | |
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:6503 | Issue Tracking | |
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2024-7318 | Vendor Advisory | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2301876 | Issue Tracking, Vendor Advisory |
Impacted products
Vendor | Product | Version | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Red Hat | Red Hat Build of Keycloak |
cpe:/a:redhat:build_keycloak:24 |
||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-7318", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-09T19:08:16.666351Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-09T19:08:33.567Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:build_keycloak:24" ], "defaultStatus": "unaffected", "packageName": "keycloak-core", "product": "Red Hat Build of Keycloak", "vendor": "Red Hat" }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:build_keycloak:24::el9" ], "defaultStatus": "affected", "packageName": "rhbk/keycloak-operator-bundle", "product": "Red Hat build of Keycloak 24", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "24.0.7-4", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:build_keycloak:24::el9" ], "defaultStatus": "affected", "packageName": "rhbk/keycloak-rhel9", "product": "Red Hat build of Keycloak 24", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "24-16", "versionType": "rpm" } ] }, { "collectionURL": "https://catalog.redhat.com/software/containers/", "cpes": [ "cpe:/a:redhat:build_keycloak:24::el9" ], "defaultStatus": "affected", "packageName": "rhbk/keycloak-rhel9-operator", "product": "Red Hat build of Keycloak 24", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "24-16", "versionType": "rpm" } ] } ], "credits": [ { "lang": "en", "value": "This issue was discovered by Todd Cullum (Red Hat)." } ], "datePublic": "2024-09-09T13:55:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute.\r\nA one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Low" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-324", "description": "Use of a Key Past its Expiration Date", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-24T18:42:36.480Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:6502", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6502" }, { "name": "RHSA-2024:6503", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:6503" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-7318" }, { "name": "RHBZ#2301876", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301876" } ], "timeline": [ { "lang": "en", "time": "2024-07-31T03:04:38+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-09-09T13:55:00+00:00", "value": "Made public." } ], "title": "Keycloak-core: one time passcode (otp) is valid longer than expiration timeseverity", "x_redhatCweChain": "CWE-324: Use of a Key Past its Expiration Date" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-7318", "datePublished": "2024-09-09T18:50:36.583Z", "dateReserved": "2024-07-31T03:04:15.355Z", "dateUpdated": "2024-11-24T18:42:36.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-7318\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-09-09T19:15:14.237\",\"lastModified\":\"2024-10-07T20:15:17.153\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute.\\r\\nA one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad en Keycloak. Los c\u00f3digos OTP vencidos a\u00fan se pueden usar al usar FreeOTP cuando el per\u00edodo del token OTP est\u00e1 configurado en 30 segundos (predeterminado). En lugar de vencer y considerarse inutilizables despu\u00e9s de unos 30 segundos, los tokens son v\u00e1lidos durante 30 segundos adicionales, lo que suma un total de 1 minuto. Un c\u00f3digo de acceso de un solo uso que sea v\u00e1lido por m\u00e1s tiempo que su tiempo de vencimiento aumenta la ventana de ataque para que los actores maliciosos abusen del sistema y comprometan las cuentas. Adem\u00e1s, aumenta la superficie de ataque porque en un momento dado, dos OTP son v\u00e1lidas.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-324\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"22.0\",\"versionEndExcluding\":\"24.0.7\",\"matchCriteriaId\":\"B2383FB8-896C-4C88-8256-88D8EEA0C0CE\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2024:6502\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:6503\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-7318\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2301876\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.