A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2020-05-15T18:52:52
Updated: 2024-08-04T06:46:30.910Z
Reserved: 2019-11-27T00:00:00
Link: CVE-2020-1758
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-05-15T19:15:12.430
Modified: 2024-11-21T05:11:19.473
Link: CVE-2020-1758
Redhat