A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.
[
{
"product": "keycloak",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in v15.1.0"
}
]
}
]