Keycloak 7.x Improper Authentication Vulnerability

Summary

Keycloak 7.x suffers from improper authentication vulnerability.

Credit:

The information has been provided by Clément Dufaure

The original article can be found at:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14909


Details

A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.

 

Vulnerable Systems:

Keycloak 7.x

 

CVE Information:

CVE-2019-14909

 

Disclosure Timeline:
Published Date:12/4/2019

Categories: News