Keycloak Duplicate Username Reg. Spoofing Email ID for PW Recovery
CVE-2021-3754 Published on August 26, 2022

A flaw was found in Keycloak where an attacker is able to register with a username identical to the email address of any existing user. This may interfere with delivery of the password recovery email if that user forgets their password.

Weakness Type: Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.


Products Associated with CVE-2021-3754


Exploit Probability

EPSS score: 12.32% (percentile: 93.72%)

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.