SecurityTracker.com
Category:   Application (Security)  >   Red Hat Single Sign-On Vendors:   Red Hat
Red Hat Single Sign-On Bugs Let Remote Authenticated Users Delete User Accounts in a Different Realm and Let Remote Users Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1038180
SecurityTracker URL:  http://securitytracker.com/id/1038180
CVE Reference:   CVE-2016-8629, CVE-2017-2585   (Links to External Site)
Date:  Apr 5 2017
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 7.1
Description:   Two vulnerabilities were reported in Red Hat Single Sign-On (which is built on Keycloak). A remote authenticated user can modify data on the target system. A remote user can obtain potentially sensitive information on the target system.

A remote authenticated user can send a service-account user deletion request to the target admin REST service to exploit a permission-check flaw in Keycloak: the check is applied to the realm the caller administers, but the user being deleted may belong to a different realm, so the caller can delete users outside their own realm [CVE-2016-8629].

A remote user may be able to conduct a timing attack against the Keycloak HMAC signature verification for JWS tokens, whose signature comparison is not constant-time, to obtain potentially sensitive information [CVE-2017-2585].
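The flaw class described above, as an added example that is not Keycloak's code: the realm names, user IDs and handler names are invented, and the two handlers model the pattern (a permission check on the realm named in the request path followed by a user lookup by ID alone) rather than Keycloak's actual code path.

```python
# Added illustration (not Keycloak code) of a cross-realm delete: the
# permission check covers the realm in the URL, but the user is resolved by
# ID across all realms, so a tenant-a admin can delete a tenant-b user.
# All names below are made up.
from dataclasses import dataclass, field


@dataclass
class User:
    user_id: str
    realm: str                    # realm the user belongs to
    service_account: bool = False


@dataclass
class Realm:
    name: str
    users: dict = field(default_factory=dict)   # user_id -> User


@dataclass
class AdminCaller:
    realm: str                    # realm the caller's admin token is scoped to


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


def build_store():
    """Constructed sample data: two realms, one service-account user in tenant-b."""
    store = {"tenant-a": Realm("tenant-a"), "tenant-b": Realm("tenant-b")}
    store["tenant-a"].users["u1"] = User("u1", "tenant-a")
    store["tenant-b"].users["sa-b-1"] = User("sa-b-1", "tenant-b", service_account=True)
    return store


def _require_realm_admin(caller, realm_name):
    # Permission check on the realm named in the request path only.
    if caller.realm != realm_name:
        raise Forbidden("token is not scoped to realm %s" % realm_name)


def delete_service_account_user_vulnerable(store, caller, realm_name, user_id):
    """Handler for a DELETE /admin/realms/{realm}/users/{id} style request.

    The permission check covers the realm in the path, but the user is then
    resolved by ID across every realm and deleted wherever it lives.
    """
    _require_realm_admin(caller, realm_name)
    for realm in store.values():                 # global lookup: the flaw
        user = realm.users.get(user_id)
        if user is not None and user.service_account:
            del realm.users[user_id]
            return user.realm                    # realm the deletion actually hit
    raise NotFound(user_id)


def delete_service_account_user_fixed(store, caller, realm_name, user_id):
    """Same endpoint with the lookup scoped to the authorised realm: a user ID
    from another realm is simply not found. The realm is re-checked on the
    object itself so a shared lookup layer cannot reintroduce the bug."""
    _require_realm_admin(caller, realm_name)
    user = store[realm_name].users.get(user_id)
    if user is None or user.realm != realm_name:
        raise NotFound(user_id)
    if not user.service_account:
        raise Forbidden("%s is not a service-account user" % user_id)
    del store[realm_name].users[user_id]
    return user.realm
```

The check that matters is the one on the object: the realm the caller was authorised for must equal the realm the target user belongs to, not merely the realm string in the URL.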
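The vulnerable and the fixed verification shapes side by side, as an added example that is not Keycloak's code: it mints an HS256 compact JWS, verifies it once with an early-exit byte comparison and once with a constant-time one, and counts how many signature bytes the leaky comparison examines so the information leak is visible without timing measurements. The key and the claims are constructed for the example; the Java counterpart of `hmac.compare_digest` is `MessageDigest.isEqual`.

```python
# Added illustration (not Keycloak code): HS256 JWS verification with a
# comparison that leaks, beside the constant-time form. Key and claims are
# made up for the example.
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(key: bytes, claims: dict) -> str:
    """Mint a compact JWS (HS256) over the given claims."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = ("%s.%s" % (header, payload)).encode()
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return "%s.%s.%s" % (header, payload, b64url(sig))


def _split_and_recompute(key: bytes, token: str):
    """Return (expected_mac, presented_mac) for a compact JWS."""
    header, payload, sig = token.split(".")
    signing_input = ("%s.%s" % (header, payload)).encode()
    return hmac.new(key, signing_input, hashlib.sha256).digest(), b64url_decode(sig)


def compare_early_exit(a: bytes, b: bytes):
    """Byte-by-byte comparison that stops at the first mismatch.

    Returns (equal, bytes_examined): the work done grows with the length of
    the correct prefix, which is exactly what a remote timing attack measures.
    """
    if len(a) != len(b):
        return False, 0
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return False, i + 1
    return True, len(a)


def verify_hs256_leaky(key: bytes, token: str):
    """Vulnerable shape: early-exit comparison of the two MACs."""
    expected, presented = _split_and_recompute(key, token)
    return compare_early_exit(expected, presented)


def verify_hs256(key: bytes, token: str) -> bool:
    """Fixed shape: constant-time comparison via hmac.compare_digest."""
    expected, presented = _split_and_recompute(key, token)
    return hmac.compare_digest(expected, presented)


def forge_with_correct_prefix(key: bytes, token: str, n: int) -> str:
    """Build the token an attacker holds after recovering the first n MAC
    bytes: correct prefix, a deliberately wrong byte n, zeros after it.
    The key is used here only to construct the test case; the attacker
    would learn the prefix one byte at a time from the timing differences."""
    expected, _ = _split_and_recompute(key, token)
    header, payload, _ = token.split(".")
    if n >= len(expected):
        return token
    fake = expected[:n] + bytes([expected[n] ^ 0x01]) + bytes(len(expected) - n - 1)
    return "%s.%s.%s" % (header, payload, b64url(fake))
```

With the early-exit comparison a forged token whose first n signature bytes are right costs n+1 byte comparisons before rejection, so an attacker who can resolve that difference over the network recovers the MAC byte by byte (at most 256 guesses per byte). The constant-time comparison does the same work for every wrong signature, which removes the signal.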

Richard Kettelerij (Mindloops) reported the HMAC verification timing vulnerability.

Impact:   A remote authenticated user can modify data on the target system.

A remote user can obtain potentially sensitive information on the target system.

Solution:   Red Hat has issued a fix (7.1).

The Red Hat advisories are available at:

https://access.redhat.com/errata/RHSA-2017:0872
https://access.redhat.com/errata/RHSA-2017:0873

Vendor URL:  access.redhat.com/errata/RHSA-2017:0873 (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  Linux (Red Hat Enterprise)
Underlying OS Comments:  6, 7

Message History:   None.
Copyright 2017, SecurityGlobal.net LLC