Main Vulnerability Database Exploits ID:10601 - Exploit for Improper verification of cryptographic signature in Keycloak - CVE-2024-8698

ID:10601 - Exploit for Improper verification of cryptographic signature in Keycloak - CVE-2024-8698

Published: October 11, 2024

Vulnerability identifier: #VU97621

Vulnerability risk: Medium

CVE-ID: CVE-2024-8698

CWE-ID: CWE-347

Exploitation vector: Remote access

Vulnerable software:
Keycloak

Link to public exploit:

https://github.com/huydoppaz/CVE-2024-8698-POC

Vulnerability description

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to improper validation of SAML signature within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Reference element used to specify the signed element. A remote user can create crafted responses that bypass the validation, potentially leading to privilege escalation or impersonation attacks.

Remediation

Install updates from vendor's website.

ID:10601 - Exploit for Improper verification of cryptographic signature in Keycloak - CVE-2024-8698

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human