instipod/DuoUniversalKeycloakAuthenticator

Releases: 16
Frequency: 3 months 4 weeks
Last Release
Stars: 61
Keycloak Authenticator for Duo's new Universal Prompt

CVE History

CVE | Published | CVSS v3 | CVSS v2
4.5 MEDIUM

An information disclosure vulnerability exists in the challenge functionality of the instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging into Keycloak using the DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability.