Improper Handling of Exceptional Conditions

CVE-2020-1744

Severity Medium
Score 5.6/10

Summary

A flaw was found in Keycloak before version 9.0.2. When a Conditional OTP Authentication Flow is configured as the post-login flow of an IDP, failed OTP login events are not sent to the brute force protection event queue, so BruteForceProtector does not handle these events.
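The failure mode described above, as an added example: a simplified Python model, not Keycloak code. The class and function names, the `report_failure` switch and the threshold of 3 are assumptions made for illustration. It shows that a lockout counter fed only by an event queue never trips when one authentication path skips enqueuing its failures.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3  # constructed threshold for this model, not a Keycloak default


class BruteForceModel:
    """Hypothetical protector: it only sees failures placed on its queue."""

    def __init__(self):
        self.queue = deque()
        self.failures = defaultdict(int)

    def enqueue_failure(self, user):
        self.queue.append(user)

    def is_locked(self, user):
        # Drain pending failure events, then compare against the threshold.
        while self.queue:
            self.failures[self.queue.popleft()] += 1
        return self.failures[user] >= MAX_FAILURES


def otp_step(protector, user, code, expected, report_failure):
    """One OTP attempt. report_failure=False models the flawed post-login
    flow, where the failed attempt never reaches the protector's queue."""
    if protector.is_locked(user):
        return "locked"
    if code == expected:
        return "ok"
    if report_failure:
        protector.enqueue_failure(user)
    return "invalid"


def wrong_codes_evaluated(report_failure, attempts=10):
    """Count how many wrong codes were checked before lockout stopped them."""
    protector = BruteForceModel()
    results = [
        otp_step(protector, "alice", f"{i:06d}", "999999", report_failure)
        for i in range(attempts)  # constructed wrong codes 000000..000009
    ]
    return results.count("invalid")


if __name__ == "__main__":
    print("failures reported:    ", wrong_codes_evaluated(True))
    print("failures not reported:", wrong_codes_evaluated(False))
```

A regression test for the fixed behaviour asserts the first case: after the threshold is reached, further attempts return the locked result regardless of which flow performed the OTP check.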

  • HIGH
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • LOW

CWE-755 - Improper Handling of Exceptional Conditions

The software does not handle or incorrectly handles an exceptional condition.

Advisory Timeline

  • Published