A security issue was found in keycloak where brute force attack is possible even when Permanent lockout feature is enabled because of the wrong error message displayed when wrong credentials entered.
A security issue was found in keycloak where brute force attack is possible even when Permanent lockout feature is enabled because of the wrong error message displayed when wrong credentials entered.
https://bugzilla.redhat.com/show_bug.cgi?id=1953439 https://issues.redhat.com/browse/KEYCLOAK-17835