Information Disclosure
Keycloak is vulnerable to Information Disclosure. The vulnerability is due to differing error responses in the SAML ECP endpoint, where specially crafted SOAP requests with varying client IDs can trigger distinct faultstring values. An unauthenticated attacker can use these responses to determine...