
189 points | udev4096 | 2 comments
1. tgsovlerkhgsel No.42137544
That doesn't help you fix other vulnerabilities that may have been found and reported by others but not fixed. You alone will never find all of them.
2. goku12 No.42139169
This is a digital security company reporting their findings, along with the fix. They did everything that could be expected of them. The real problem is how long RH took to address vulnerabilities. OSS isn't an excuse. There are other OSS projects with far fewer resources that take security much more seriously. To make it worse, it isn't easy to switch IdP software - even for OSS ones.