A flaw was found in Keycloak in versions prior to 10.0.0, where it does not perform TLS hostname verification while sending emails using the SMTP server. This flaw allows a malicious user to perform a man-in-the-middle (MITM) attack.
Vulnerable Product |
---|
redhat keycloak |
redhat openstack 10 |