Security Advisory

CVE-2019-14910

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-12-05 14:16:00

Last updated 2024-08-05 00:34:51

Assigner redhat

State PUBLISHED

Description

A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.

← Browse all CVEs View on cve.org ↗