logo

Database

Insecure generation of random numbers In org.keycloak:keycloak-core

Description

Predictable password in Keycloak A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-17312. NVD-2020-17313. OSV-2020-17314. GCVE-2020-1731

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1731

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.