CVE-2019-14909
HIGH
Keycloak 7.x - Authentication Bypass via LDAP Anonymous Bind
Title source: llm
Description
A vulnerability was found in Keycloak 7.x: when the user federation LDAP bind type is none (LDAP anonymous bind), any password, invalid or valid, will be accepted.
References (1)
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14909
Scores
CVSS v3
8.3
EPSS
0.0108
EPSS Percentile
60.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Details
CWE
CWE-305
CWE-287
CWE-592
Status
published
Products (3)
org.keycloak/keycloak-parent
7.0.0 (Maven)
redhat/keycloak
7.0.0
redhat/keycloak
7.0.1
Published
Dec 04, 2019
Tracked Since
Feb 18, 2026