CVE-2019-14910
published 2019-12-05CVE-2019-14910: A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redhat | keycloak | — | — |
| redhat | keycloak | — | — |
| redhat | keycloak | — | — |