mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2025-12-16 20:15:46 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
archive/release/22.0
keycloak/themes
History
Marek Posolda aa634aee88 CVE-2023-3597 - Secondary factor bypass in step-up authentication (#144) 
* Restrict the token types that can be verified when not using the user info endpoint

Closes #47

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>

Conflicts:
	core/src/main/java/org/keycloak/util/TokenUtil.java
	testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oauth/ClientTokenExchangeTest.java

* Secondary factor bypass in step-up authentication
closes #34

Signed-off-by: mposolda <mposolda@gmail.com>

---------

Signed-off-by: mposolda <mposolda@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2024-03-23 15:16:28 +01:00
..
src/main
CVE-2023-3597 - Secondary factor bypass in step-up authentication (#144)
2024-03-23 15:16:28 +01:00
.gitignore
Remove Node modules from source control (#9963)
2022-03-02 08:49:17 +01:00
pom.xml
Add option to exclude community translations at build time (#19224)
2023-03-22 07:57:57 +00:00
UPDATING-NODE-MODULES.md
Removed old account console (#21098)
2023-06-20 20:46:57 +02:00