CVE-2023-6787 Information

Description

A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter prompt=login, prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting "Restart login", an account takeover may occur, as the new session with a different SUB will possess the same SID as the previous session.
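The condition the description ends on, a new session whose SUB differs from the previous one while the SID stays the same, is something a defender can look for in session-establishment records. The following is an added example, not Keycloak's own code or anything from the Red Hat advisories: it reads constructed newline-delimited JSON login events (the field names event, sid, sub and ts are assumptions for illustration) and reports every SID that has been bound to more than one subject.

```python
"""Detect session-id (sid) reuse across different subjects (sub).

Added example; not Keycloak's own code. The log format below is
constructed for illustration: one JSON object per line with the fields
an identity provider typically emits when a session is established.
"""
import json
from collections import defaultdict

# Constructed sample: three session-establishment events. The third
# event reuses sid "s-1001" for a different sub, which is the condition
# the CVE description warns about.
SAMPLE_LOG = """\
{"event": "LOGIN", "sid": "s-1001", "sub": "user-a", "ts": 1}
{"event": "LOGIN", "sid": "s-2002", "sub": "user-b", "ts": 2}
{"event": "LOGIN", "sid": "s-1001", "sub": "user-c", "ts": 3}
"""


def parse_events(text):
    """Parse newline-delimited JSON events, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            # A malformed line is dropped rather than aborting the whole scan.
            continue
    return events


def find_sid_reuse(events):
    """Return {sid: [sub, ...]} for every sid seen with more than one sub.

    Only LOGIN events are considered; subs are listed in order of first
    appearance so the original owner of the sid comes first.
    """
    subs_by_sid = defaultdict(list)
    for ev in events:
        if ev.get("event") != "LOGIN":
            continue
        sid, sub = ev.get("sid"), ev.get("sub")
        if sid is None or sub is None:
            continue
        if sub not in subs_by_sid[sid]:
            subs_by_sid[sid].append(sub)
    return {sid: subs for sid, subs in subs_by_sid.items() if len(subs) > 1}


if __name__ == "__main__":
    for sid, subs in find_sid_reuse(parse_events(SAMPLE_LOG)).items():
        print(f"sid {sid} bound to multiple subjects: {subs}")
```

On a real deployment the same check can be run over whatever source exposes the sid and sub values of issued sessions or tokens; any SID that shows up with a second subject is worth investigating, and the fix is to apply the patched versions listed in the references below.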

Reference

https://access.redhat.com/errata/RHSA-2024:1867
https://access.redhat.com/errata/RHSA-2024:1868
https://access.redhat.com/security/cve/CVE-2023-6787
https://bugzilla.redhat.com/show_bug.cgi?id=2254375