The Keycloak interface in the Arqit SKA-Platform has an issue with how it manages idle session timeouts. If an authenticated user leaves their browser session active and unattended, an attacker with physical access to that device could take over the session. This allows the attacker to impersonate the legitimate user and perform actions within the platform as if they were that user.
Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03.
An attacker with physical access could impersonate an authenticated user on the Arqit SKA-Platform by leveraging an unexpired browser session, representing a low-severity risk.
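The weakness described above is a session-lifetime policy problem: an idle browser session that outlives the time a user would plausibly step away from the device. A defender reviewing a Keycloak deployment can catch this by auditing the realm's session settings before an unattended session becomes a problem. The following script is an added example and is not code from the advisory, from Arqit, or from the Keycloak project. It reads the session fields that Keycloak writes into a realm export (`ssoSessionIdleTimeout`, `ssoSessionMaxLifespan`, `clientSessionIdleTimeout`, all in seconds) and compares them against policy ceilings; the ceilings, the sample realm exports and the `check_realm_sessions` / `load_realm` helper names are assumptions made for the example, not values taken from the affected product.

```python
"""Audit a Keycloak realm export for session idle/lifespan values that exceed policy.

Added example for reviewing the idle-timeout weakness class; the thresholds below
are assumed policy values, not figures from the advisory or from Keycloak defaults.
"""
import json
from typing import Dict, List

# Policy ceilings in seconds (assumed for this example).
POLICY: Dict[str, int] = {
    "ssoSessionIdleTimeout": 30 * 60,        # realm-wide idle timeout: 30 minutes
    "ssoSessionMaxLifespan": 10 * 60 * 60,   # absolute session lifetime: 10 hours
    "clientSessionIdleTimeout": 30 * 60,     # per-client idle timeout (0 = inherit realm value)
}


def check_realm_sessions(realm: Dict, policy: Dict[str, int] = POLICY) -> List[str]:
    """Return human-readable findings for session settings that violate the policy."""
    findings: List[str] = []
    for key, ceiling in policy.items():
        value = realm.get(key)
        if value is None:
            # Field absent from the export: the server default applies, which must be verified separately.
            findings.append(f"{key}: not present in export, verify the effective default")
            continue
        if key == "clientSessionIdleTimeout" and value == 0:
            # 0 means the client inherits the realm SSO idle timeout, which is judged above.
            continue
        if value <= 0:
            findings.append(f"{key}={value}: non-positive value, session idle/lifetime not bounded by this field")
        elif value > ceiling:
            findings.append(f"{key}={value}s exceeds policy ceiling of {ceiling}s")
    return findings


def load_realm(path: str) -> Dict:
    """Load a realm export produced by Keycloak's export tooling (JSON document)."""
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


# Constructed sample realm exports for demonstration; not taken from any real deployment.
WEAK_REALM = {
    "realm": "tenant-a",
    "ssoSessionIdleTimeout": 7 * 24 * 60 * 60,   # one week idle: an unattended browser stays valid for days
    "ssoSessionMaxLifespan": 30 * 24 * 60 * 60,  # thirty days absolute
    "clientSessionIdleTimeout": 0,               # inherits the weak realm value
}

HARDENED_REALM = {
    "realm": "tenant-a",
    "ssoSessionIdleTimeout": 15 * 60,            # fifteen minutes idle
    "ssoSessionMaxLifespan": 8 * 60 * 60,        # eight hours absolute
    "clientSessionIdleTimeout": 15 * 60,
}

if __name__ == "__main__":
    for name, realm in (("weak", WEAK_REALM), ("hardened", HARDENED_REALM)):
        result = check_realm_sessions(realm)
        print(f"{name}: {result if result else 'OK'}")
```

Run it against an export from `load_realm("realm-export.json")` during a configuration review; any finding on `ssoSessionIdleTimeout` is the one most directly relevant to the unattended-session scenario in the advisory, since that value decides how long an idle browser keeps an authenticated session alive.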
Low severity — keep this CVE on your radar and patch during routine maintenance.
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L