A Story About How I Found CVE-2020-27838 in TVH Responsible Disclosure

Karthikeyan.V

InfoSec Write-ups

A few months ago, during a security assessment of a client’s system, I stumbled upon a critical flaw in the TVH authentication server that could expose sensitive information. This vulnerability, identified as CVE-2020-27838, allows unauthorized access to client registration details in Keycloak, potentially compromising the confidentiality of sensitive data. Here’s how I discovered and explored this vulnerability.

While testing the TVH authentication server, I identified a vulnerability in the Keycloak client registration endpoint that allowed information exposure without proper authentication. Specifically, I found that the endpoint at https://xxxxxxx.tvh.com/auth/realms/master/clients-registrations/default/security-admin-console was leaking sensitive details.

Bug Name: Information Exposure
Bug Priority: Medium
Vulnerable URL: https://xxxx.tvh.com/auth/realms/master/clients-registrations/default/security-admin-console

CVE Description:

This vulnerability affects Keycloak versions prior to 13.0.0. The flaw lies in the client registration endpoint, which allowed fetching information about PUBLIC clients, including the client secret, without requiring any authentication. This becomes particularly dangerous if a PUBLIC client is later switched to CONFIDENTIAL, because the secrets exposed earlier could still be accessed without proper authorization. The highest risk from this flaw is to data confidentiality.

The vulnerability lets an attacker obtain sensitive information from the Keycloak server, which could then be used to access or manipulate client data. This could lead to unauthorized access to confidential information and, potentially, to a compromise of the affected system's integrity.

To streamline the process of identifying this vulnerability, I developed a Python tool that automates the testing of the vulnerable endpoint. You can easily install and use this tool as follows:

Tool
POC: CVE-2020-27838 on GitHub

pip install CVE-2020-27838
CVE-2020-27838 --chatid <YourTelegramChatID>

To check a single URL:
CVE-2020-27838 -u http://mytargetprogram.com

To check a list of URLs:
CVE-2020-27838 -i urls.txt

To demonstrate the vulnerability, the tool automates the process of testing the endpoint for information exposure. Here’s a sample POC image:

To mitigate this vulnerability, it is essential to apply the latest security patches or updates provided by the Keycloak vendor. Updating to a version later than 13.0.0 will resolve this issue by requiring proper authentication before accessing sensitive client information.
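As an added example (not part of the original write-up and not the author's tool), the following Python script shows two defender-side checks that follow from the CVE description and the mitigation above: a version test against the 13.0.0 boundary the CVE text gives, and a scan of reverse-proxy access log lines for GET requests to the per-client registration path, reporting those the server answered with 200. The log lines are constructed for the example; the Combined Log Format regex, the optional /auth prefix (later Keycloak releases serve realms without it) and the Finding structure are my assumptions. A 200 from that path is a lead to review rather than proof of exploitation, since a caller holding a registration access token also gets 200; and if a client was PUBLIC at the time of exposure and has since been made CONFIDENTIAL, regenerating its secret after the upgrade is the practical way to retire a secret that may already have been read.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed reverse-proxy access log lines (Combined Log Format) in front of a
# Keycloak instance. These are sample values made up for this example, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Nov/2020:10:01:03 +0000] "GET /auth/realms/master/clients-registrations/default/security-admin-console HTTP/1.1" 200 612 "-" "python-requests/2.24.0"
198.51.100.4 - - [12/Nov/2020:10:01:09 +0000] "GET /auth/realms/master/protocol/openid-connect/auth?client_id=security-admin-console HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Nov/2020:10:01:15 +0000] "GET /auth/realms/myrealm/clients-registrations/default/account HTTP/1.1" 401 89 "-" "python-requests/2.24.0"
192.0.2.10 - - [12/Nov/2020:10:02:40 +0000] "POST /auth/realms/master/clients-registrations/default HTTP/1.1" 201 734 "-" "curl/7.68.0"
"""

# Combined Log Format: ip ident user [timestamp] "METHOD path PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# The per-client registration path from the write-up. The "/auth" prefix is made
# optional here because later Keycloak releases serve realms without it (assumption).
REG_RE = re.compile(
    r'^(?:/auth)?/realms/(?P<realm>[^/]+)/clients-registrations/default/(?P<client>[^/?#]+)'
)

FIXED_VERSION = (13, 0, 0)  # boundary stated in the CVE description


@dataclass
class Finding:
    ip: str
    timestamp: str
    realm: str
    client_id: str
    status: int


def affected_version(version: str) -> bool:
    """True when a Keycloak version string (e.g. '12.0.4', '11.0.3.Final')
    is below the 13.0.0 boundary; False for 13.0.0 and later."""
    m = re.match(r'(\d+)\.(\d+)\.(\d+)', version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups()) < FIXED_VERSION


def find_registration_reads(log_text: str) -> List[Finding]:
    """Every GET against a per-client registration path, whatever its status."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m['method'] != 'GET':
            continue
        p = REG_RE.match(m['path'])
        if not p:
            continue
        findings.append(Finding(
            ip=m['ip'], timestamp=m['ts'], realm=p['realm'],
            client_id=p['client'], status=int(m['status']),
        ))
    return findings


def successful_reads(findings: List[Finding]) -> List[Finding]:
    """Reads answered with 200: on an unpatched instance these may have handed a
    client representation (secret included) to an unauthenticated caller."""
    return [f for f in findings if f.status == 200]


if __name__ == "__main__":
    print("12.0.4 affected:", affected_version("12.0.4"))
    for f in successful_reads(find_registration_reads(SAMPLE_LOG)):
        print(f"review: {f.ip} read client '{f.client_id}' in realm '{f.realm}' at {f.timestamp}")
```

Run against a real proxy log by replacing SAMPLE_LOG with the file contents; the 401 line in the sample is what a patched server returns for the same unauthenticated request, which is why only the 200 hit is surfaced for review.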

POC by: @karthithehacker
Mail: contact@karthithehacker.com
Website: https://www.karthithehacker.com/

If you’re interested in our VAPT service, contact us at ceo@cappriciosec.com or contact@cappriciosec.com.

To enroll in my cybersecurity and bug bounty course, WhatsApp +91 82709 13635.

Twitter: https://twitter.com/karthithehacker

Instagram: https://www.instagram.com/karthithehacker/

LinkedIn: https://www.linkedin.com/in/karthikeyan--v/

GitHub: https://github.com/karthi-the-hacker/

npmjs: https://www.npmjs.com/~karthithehacker

YouTube: https://www.youtube.com/@karthi_the_hacker

Thank you

Karthikeyan.V