Headline
GHSA-cq42-vhv7-xr7p: Keycloak Denial of Service via account lockout
In any realm set with “User (Self) registration” a user that is registered with a username in email format can be “locked out” (denied from logging in) using his username.
Keycloak Denial of Service via account lockout
Low severity GitHub Reviewed Published Jun 12, 2024 in keycloak/keycloak • Updated Jun 12, 2024