Red Hat Single Sign-On Keycloak Authentication Flow Error Lets Remote Users Hijack the Target User's Session
SecurityTracker Alert ID: 1037460
SecurityTracker URL: http://securitytracker.com/id/1037460
Date: Dec 13 2016
User access via network
Fix Available: Yes  Vendor Confirmed: Yes
A vulnerability was reported in Red Hat Single Sign-On. A remote user can hijack the target user's session.
A remote user can create a specially crafted URL that, when loaded by the target user, will exploit an authentication error in Keycloak and hijack the target user's session.
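As an added illustration, not Keycloak's or Red Hat's code and not a description of the actual patch, the Python sketch below shows the standard client-side countermeasure to the authorization-code fixation named in the Bugzilla entry further down: the OAuth 2.0 callback is honoured only when its `state` value was minted by, and is still bound to, the browser session that started the login, so a code delivered by a link the user never requested is discarded instead of being exchanged for a session. The endpoint, client id and redirect URI are placeholder assumptions, and `session` stands in for a server-side session keyed by the browser cookie.

```python
# Added example of a session-bound state check for an authorization-code callback.
# Not Keycloak's or Red Hat's code; endpoint, client id and redirect URI are assumed.
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_ENDPOINT = "https://sso.example.invalid/auth/realms/demo/protocol/openid-connect/auth"  # assumed
REDIRECT_URI = "https://app.example.invalid/callback"  # assumed
CLIENT_ID = "demo-app"  # assumed


def begin_login(session: dict) -> str:
    """Mint a fresh, unguessable state, bind it to this browser session and
    return the authorization URL the browser is redirected to."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = {"client_id": CLIENT_ID, "response_type": "code",
             "redirect_uri": REDIRECT_URI, "state": state}
    return f"{AUTH_ENDPOINT}?{urlencode(query)}"


def handle_callback(session: dict, callback_url: str) -> str:
    """Return the authorization code only if the callback's state is the one
    this session minted. A code arriving via a link the user did not start
    from this session (a third-party link, or a replay) is never exchanged,
    so it cannot log the user into an account they did not sign in to."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: consumed on any attempt
    presented = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), presented.encode()):
        raise PermissionError("state missing or not bound to this session")
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code  # the caller now redeems it at the token endpoint


def callback_accepted(session: dict, callback_url: str) -> bool:
    """True if handle_callback would proceed to the token exchange."""
    try:
        handle_callback(session, callback_url)
        return True
    except (PermissionError, ValueError):
        return False
```

The same binding is what lets a monitoring rule flag callbacks whose state matches no outstanding login as suspicious rather than as ordinary errors.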
Hiroyuki Wada of Nomura Research Institute, Ltd reported this vulnerability.
A remote user can hijack the target user's session.
Red Hat has issued a fix.
The Red Hat advisory is available at:
Vendor URL: rhn.redhat.com/errata/RHSA-2016-2945.html
Access control error
Underlying OS: Linux (Red Hat Enterprise)
Source Message Contents
Subject: [RHSA-2016:2945-01] Important: Red Hat Single Sign-On security update
Red Hat Security Advisory
Synopsis: Important: Red Hat Single Sign-On security update
Advisory ID: RHSA-2016:2945-01
Product: Red Hat Single Sign-On
Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-2945.html
Issue date: 2016-12-13
CVE Names: CVE-2016-8609
A security update is now available for Red Hat Single Sign-On 7.0 from the
Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Red Hat Single Sign-On 7.0 is a standalone server, based on the Keycloak
project, that provides authentication and standards-based single sign-on
capabilities for web and mobile applications.
This asynchronous patch is a security update for Red Hat Single Sign-On
* It was found that Keycloak did not implement authentication flow
correctly. An attacker could use this flaw to construct a phishing URL,
from which he could hijack the user's session. This could lead to
information disclosure, or permit further possible attacks. (CVE-2016-8609)
Red Hat would like to thank Hiroyuki Wada of Nomura Research Institute, Ltd
for reporting this issue.
The References section of this erratum contains a download link (you must
log in to download the update). Before applying this update, back up your
existing Red Hat Single Sign-On installation.
4. Bugs fixed (https://bugzilla.redhat.com/):
1386729 - CVE-2016-8609 keycloak: account hijacking via auth code fixation
The Red Hat security contact is <firstname.lastname@example.org>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2016 Red Hat, Inc.
RHSA-announce mailing list