CVE-2019-14910
CVE-2019-14910 affects Keycloak 7.x when LDAP user federation uses StartTLS instead of LDAPS. The documented flaw allows authentication to succeed with an invalid password due to errors in the authentication procedure, enabling potential unauthorized access. Reported by multiple sources (Red Hat ...