Impact: Low
Public Date: 2014-09-20
CWE: CWE-352
Bugzilla: 1144817: CVE-2014-3655 JBoss KeyCloak: Soft Token deletion via CSRF

It was found that JBoss KeyCloak's soft token removal endpoint was vulnerable to Cross-Site Request Forgery (CSRF) attacks. A remote attacker could provide a specially crafted web page that, when visited by a user authenticated by KeyCloak, could allow the attacker to remove a soft token registered to that user.

Vulnerable Product |
---|
redhat keycloak |
redhat jboss enterprise web server 1.0.0 |