CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-14910

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1760%
EPSS Percentile36.13th
Published2019年12月5日
Last Modified2024年11月21日

Vulnerability Description

A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.

Affected Platforms (CPE)

📦
Redhat

Keycloak

= 7.0.0
📦
Redhat

Keycloak

= 7.0.1

References & Advisories

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14910
🔗 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14910

相关漏洞威胁

CVE-2026-4638910.0

UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Ident...

CVE-2017-74749.8

It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw...

CVE-2021-201959.6

A flaw was found in keycloak in versions before 13.0.0. A Self Stored XSS attack vector escalating to a complete account takeover ...

CVE-2020-17319.1

A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a ra...