Improper Session Management
Keycloak is vulnerable to improper session management. The vulnerability is due to reuse of session identifiers and improper cleanup during logout when browser cookies are missing, which allows an attacker to gain unauthorized access to another user’s active session and receive their authenticati...