org.keycloak:keycloak-ldap-federation@26.0.8 vulnerabilities

latest version

26.1.0

first published

10 years ago

latest version published

1 months ago

licenses detected

Apache-2.0
[1.0-beta-4,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.keycloak:keycloak-ldap-federation package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Authentication Bypass Using an Alternate Path or Channel Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel that allows a user with an expired or disabled Active Directory account to trigger a password reset and gain access to the account. This is due to the fact that the password reset operation is executed without first validating the new credentials against Active Directory via an LDAP bind. How to fix Authentication Bypass Using an Alternate Path or Channel? There is no fixed version for `org.keycloak:keycloak-ldap-federation`.	[0,)

Authentication Bypass Using an Alternate Path or Channel

Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel that allows a user with an expired or disabled Active Directory account to trigger a password reset and gain access to the account. This is due to the fact that the password reset operation is executed without first validating the new credentials against Active Directory via an LDAP bind.

How to fix Authentication Bypass Using an Alternate Path or Channel?

There is no fixed version for org.keycloak:keycloak-ldap-federation.

[0,)

Go back to all versions of this package