CVE List


Critical 9.8

A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.

Published December 5, 2019.

Affected software

Redhat Keycloak

Reference links

Sign Up for Alerts