Keycloak 7.x User Federation LDAP Anonymous Bind Vulnerability
CVE-2019-14909 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
A vulnerability was found in Keycloak 7.x where the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid will be accepted.
Learn more about our Cis Benchmark Audit For Bind.