CVE-2017-12160 : What You Need to Know
Discover the impact of CVE-2017-12160, a Keycloak oauth vulnerability allowing attackers to maintain access tokens post-permission revocation, leading to unauthorized access and potential attacks. Learn about affected systems, exploitation, and mitigation steps.
Researchers discovered a vulnerability in Keycloak oauth that allows an authenticated resource to retain access and refresh tokens even after permissions are revoked, potentially enabling unauthorized access and further attacks.
Understanding CVE-2017-12160
What is CVE-2017-12160?
Keycloak oauth vulnerability allows an attacker to maintain access tokens post-permission revocation, leading to potential unauthorized access and further exploitation.
The Impact of CVE-2017-12160
The vulnerability enables attackers to retain permissions on compromised resources, facilitating prolonged unauthorized access and potential malicious activities.
Technical Details of CVE-2017-12160
Vulnerability Description
- Keycloak oauth flaw permits authenticated resources to retain access and refresh tokens post-permission revocation.
Affected Systems and Versions
- Product: Keycloak
- Vendor: Red Hat, Inc.
- Version: 3.4.0
Exploitation Mechanism
- Attackers on compromised resources exploit the vulnerability to maintain permissions and potentially conduct additional attacks.
Mitigation and Prevention
Immediate Steps to Take
- Apply patches and updates provided by Red Hat, Inc.
- Monitor and revoke access tokens regularly.
Long-Term Security Practices
- Implement least privilege access controls.
- Conduct regular security audits and assessments.
Patching and Updates
- Red Hat, Inc. has released security advisories (RHSA-2017:2904, RHSA-2017:2905, RHSA-2017:2906) addressing the vulnerability.