Headline
GHSA-c7xw-p58w-h6fj: Keycloak: Impersonation and lockout possible through incorrect handling of email trust
Impersonation and lockout are possible due to email trust not being handled correctly in Keycloak. Since the verified state is not reset when the email changes, it is possible for users to shadow others with the same email and lock out or impersonate them.
Keycloak: Impersonation and lockout possible through incorrect handling of email trust
Moderate severity GitHub Reviewed Published Jul 18, 2023 in keycloak/keycloak • Updated Jul 18, 2023
Related news
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.
A flaw was found in Keycloak. This flaw allows impersonation and lockout due to the email trust not being handled correctly in Keycloak. An attacker can shadow other users with the same email and lockout or impersonate them.