Lucene search
GitHub Advisory DatabaseGHSA-CQ42-VHV7-XR7PHistoryJun 12, 2024 - 7:42 p.m.
Keycloak Denial of Service via account lockout
2024-06-1219:42:21
CWE-640
GitHub Advisory Database
github.com
keycloak
account lockout
vulnerability
email username
registration
software
7.1 High
AI Score
Confidence
Low
In any realm set with โUser (Self) registrationโ a user that is registered with a username in email format can be โlocked outโ (denied from logging in) using his username.
Affected configurations
Node
org.keycloak\keycloakMatchservices
| CPE | Name | Operator | Version |
|---|---|---|---|
| org.keycloak:keycloak-services | lt | 24.0.0 |
7.1 High
AI Score
Confidence
Low