CVE-2021-3754

Published: 26/08/2022 Updated: 01/09/2022
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A flaw was found in Keycloak where an attacker is able to register with a username that is the same as the email ID of any existing user. This may cause the affected user trouble in receiving the password recovery email if they forget their password.

Vulnerable Product

redhat keycloak -

redhat single sign-on 7.0

Github Repositories

Vulnerability details and exploit for CVE-2021-3754

CVE-2021-3754

This repository documents vulnerability details and exploit for CVE-2021-3754, discovered and reported by myself on 21st August 2021.

Metrics

CWE-20: Improper Input Validation

CVSS: 53 (MEDIUM)

Description

A flaw was found in Apache Keycloak & Redhat SSO where an attacker is able to register himself with the username same as the email ID of any existing u