ZITADEL 授权问题漏洞

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the age of containers and serverless, open sourced by ZITADEL in Switzerland. ZITADEL suffers from an authorization issue vulnerability that stems from a missing security check that allows...

GHSA-5Q66-V53Q-PM35 Keycloak vulnerable to Plaintext Storage of User Password

A flaw was discovered in Keycloak Core package. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular attributes in the users attributes. The password is also created, but the user attributes must not be there. This...