Keycloak took 10 months to fix a 2FA bypass


Earlier this year, I was working […]

This issue presents a significant security risk as it allows unauthorized users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. An attacker with access to a non-administrative user account can invoke the testLDAPConnection functionality by modifying the connectionUrl parameter with an arbitrary value, and the LDAP credentials will be sent to the attacker-controlled server. Based on our analysis, the software didn't implement mechanisms to prevent concurrent access to security-critical resources, such as the number of failed authentication attempts.