A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat keycloak 7.0.0 |
||
redhat keycloak 7.0.1 |