CVE-2024-4629: Improper Enforcement of a Single, Unique Action
A vulnerability was found in Keycloak. The flaw allows attackers to bypass brute-force protection by exploiting the timing of login attempts: by sending multiple login requests concurrently, an attacker can exceed the configured limit of failed attempts before the system locks the account out. This timing loophole lets an attacker make more password guesses than the limit intends, potentially compromising account security on affected systems.
Technical Details
- Data Version: 5.2
- Assigner Short Name: redhat
- Date Reserved: 2024-05-07T20:47:03.184Z
- CVSS Version: 3.1
- State: PUBLISHED
Added to database: 11/21/2025, 7:24:17 AM
Last updated: 11/21/2025, 7:24:26 AM
Related Threats
- CVE-2024-4028: Improper Input Validation (Low)
- CVE-2024-6501: Uncontrolled Resource Consumption (Low)
- CVE-2024-6126: Uncontrolled Resource Consumption (Low)
- CVE-2024-5967: Incorrect Default Permissions (Low)
- CVE-2024-5742: Improper Link Resolution Before File Access ('Link Following') (Medium)