An information disclosure vulnerability exists in the challenge functionality of instipod DuoUniversalKeycloakAuthenticator 1.0.7 plugin. A specially crafted HTTP request can lead to a disclosure of sensitive information. A user logging into Keycloak using DuoUniversalKeycloakAuthenticator plugin triggers this vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
duouniversalkeycloakauthenticator | lt | 1.0.8 |