A security issue was found in Keycloak where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser.
A security issue was found in Keycloak where re-authentication does not occur while updating the password. This flaw allows an attacker to take over an account if they can obtain temporary, physical access to a user’s browser.
https://bugzilla.redhat.com/show_bug.cgi?id=1933639 https://issues.redhat.com/browse/KEYCLOAK-17250