A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be '[email protected]'.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-01-07T16:33:21

Updated: 2024-08-05T00:26:39.127Z

Reserved: 2019-08-10T00:00:00

Link: CVE-2019-14837

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-01-07T17:15:11.033

Modified: 2024-11-21T04:27:28.110

Link: CVE-2019-14837

cve-icon Redhat

Severity : Important

Publid Date: 2019-12-02T00:00:00Z

Links: CVE-2019-14837 - Bugzilla