{"id":"CVE-2020-1744","details":"A flaw was found in keycloak before version 9.0.1. When configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events.","aliases":["GHSA-4gf2-xv97-63m2"],"modified":"2026-03-23T05:12:36.307623Z","published":"2020-03-24T14:15:13.293Z","related":["openSUSE-SU-2024:10615-1","openSUSE-SU-2024:14244-1","openSUSE-SU-2024:14536-1","openSUSE-SU-2025:15605-1","openSUSE-SU-2025:15753-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2020-1744"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1744"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"9.0.1"}]},{"events":[{"introduced":"0"},{"fixed":"9.0.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1744.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}