CVE-2021-3424: 
Java vulnerability analysis and mitigation

A vulnerability (CVE-2021-3424) was discovered in Keycloak as shipped in Red Hat Single Sign-On 7.4, where IDN (Internationalized Domain Name) homograph attacks are possible. The vulnerability was discovered by Kristian Klausen and disclosed in February 2021. This flaw allows a malicious user to register themselves with a name that appears identical to an already registered user, potentially leading to privilege escalation through admin confusion (Red Hat Bugzilla, NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. The vulnerability is classified under CWE-287 (Improper Authentication). The attack vector is network-accessible, requires low attack complexity, needs no privileges, and requires no user interaction (NVD).

The vulnerability allows attackers to potentially trick administrators into granting elevated privileges by registering usernames that appear identical to existing users through IDN homograph techniques. This could lead to unauthorized access and privilege escalation within the system (Red Hat Advisory).

Red Hat has addressed this vulnerability by releasing security updates. The fix was included in Red Hat Single Sign-On version 7.4.7, distributed through multiple security advisories including RHSA-2021:2063, RHSA-2021:2064, RHSA-2021:2065, and RHSA-2021:2070. Users are advised to update to the patched version (Red Hat Advisory).