A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2020-05-15T18:52:52

Updated: 2024-08-04T06:46:30.910Z

Reserved: 2019-11-27T00:00:00

Link: CVE-2020-1758

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-05-15T19:15:12.430

Modified: 2024-11-21T05:11:19.473

Link: CVE-2020-1758

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-05-12T00:00:00Z

Links: CVE-2020-1758 - Bugzilla