A flaw was found in Keycloak. By using the WebAuthn password-less login flow, anyone can register a new security device or key when there is not a device already registered for any user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | keycloak | lt | 15.1.0 |
| | single_sign-on | eq | 7.0 |
| | single_sign-on | ge | 7.4 |
| | single_sign-on | lt | 7.4.9 |