Keycloak allows the use of email as a username and doesnβt check that an account with this email already exists. That could lead to the unability to reset/login with email for the user. This is caused by usernames being evaluated before emails.
CPE | Name | Operator | Version |
---|---|---|---|
org.keycloak:keycloak-services | lt | 24.0.1 |