A flaw was found in Keycloak before version 8.0.0. The owner of the ‘’ domain can set up a mail server on this domain and, knowing only the name of a client, can reset the password and then log in. For example, for client name ‘test’ the email address will be ‘[email protected]’.

Source: CVE-2019-14837
