Keycloak 7.x User Federation LDAP Anonymous Bind Vulnerability

CVE-2019-14909 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

A vulnerability was found in Keycloak 7.x: when the user federation LDAP bind type is none (LDAP anonymous bind), any password, valid or invalid, is accepted.
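To find realms exposed to this condition, the following added example (not from the advisory or the Keycloak project) audits a realm export for LDAP user federation providers whose bind type is none. It assumes the export lists providers under `components` → `org.keycloak.storage.UserStorageProvider` and stores the bind type in the `authType` config key; the sample realm, provider names and hosts are constructed.

```python
import json

# Constructed sample: trimmed shape of a Keycloak realm export (assumed layout).
SAMPLE_REALM_EXPORT = """
{
  "realm": "example",
  "components": {
    "org.keycloak.storage.UserStorageProvider": [
      {"name": "corp-ldap", "providerId": "ldap",
       "config": {"authType": ["none"], "connectionUrl": ["ldap://ldap.example.test"]}},
      {"name": "partner-ldap", "providerId": "ldap",
       "config": {"authType": ["simple"], "bindDn": ["cn=svc,dc=example,dc=test"]}},
      {"name": "legacy-ldap", "providerId": "ldap",
       "config": {"connectionUrl": ["ldap://legacy.example.test"]}},
      {"name": "kerberos", "providerId": "kerberos", "config": {}}
    ]
  }
}
"""

USER_STORAGE = "org.keycloak.storage.UserStorageProvider"  # assumed component key


def find_anonymous_bind_providers(realm):
    """Return (name, reason) for each LDAP provider not using an authenticated bind."""
    findings = []
    for comp in realm.get("components", {}).get(USER_STORAGE, []):
        if comp.get("providerId") != "ldap":
            continue  # only LDAP federation is in scope for this advisory
        values = comp.get("config", {}).get("authType") or []
        if isinstance(values, str):  # tolerate a bare string instead of a list
            values = [values]
        auth_type = values[0].strip().lower() if values else None
        if auth_type == "none":
            findings.append((comp.get("name"), "authType=none (anonymous bind)"))
        elif auth_type is None:
            # Bind type not recorded in the export: flag for manual review.
            findings.append((comp.get("name"), "authType missing, verify in admin console"))
    return findings


def audit(export_text):
    """Parse realm export JSON text and return the findings list."""
    return find_anonymous_bind_providers(json.loads(export_text))


if __name__ == "__main__":
    for name, reason in audit(SAMPLE_REALM_EXPORT):
        print(f"[!] {name}: {reason}")
```

Any provider it reports on a Keycloak 7.x deployment should be switched to an authenticated bind or have the server upgraded before LDAP-backed logins are trusted.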
