Fluid Attacks Database

Description

Keycloak Authentication Error A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
maven	org.keycloak:keycloak-parent	>=7.0.0 <=7.0.1	8.0.0
npm	keycloak-connect	>=7.0.0 <=7.0.1	8.0.0

Aliases

1. CVE-2019-149092. NVD-2019-149093. OSV-2019-149094. GCVE-2019-149095. ACCESS-cve-2019-149096. bugzilla.redhat.com

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14909

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.