CVE-2019-14909
8.3HIGHA vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.
Published: 12/4/2019Updated: 11/21/2024
Description
A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.
AI AnalysisPowered by AI
Affected Products
redhatkeycloak
7.0.0
redhatkeycloak
7.0.1
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14909Issue TrackingThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14909Issue TrackingThird Party Advisory