CVE-2019-14909

CVSS v3.1 8.3 (High)

CVSS v2.0 7.5 (High)

EPSS 0.09 % (39^th)

Affected Products 1

Advisories 1

A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.

Weaknesses

CWE-287: Improper Authentication
CWE-305: Authentication Bypass by Primary Weakness
CWE-592: DEPRECATED: Authentication Bypass Issues

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2019-12-04 15:15:11
(4 years ago)
Updated Date: 2019-12-16 16:35:08
(4 years ago)

Affected Products

Redhat

Keycloak

Configuration #1

		CPE23	From	Up To
	Redhat Keycloak 7.0.0	cpe:2.3:a:redhat:keycloak:7.0.0
	Redhat Keycloak 7.0.1	cpe:2.3:a:redhat:keycloak:7.0.1