A flaw was found in Keycloak in versions before 10.0.0, where it does not perform TLS hostname verification when sending emails through the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.
References
| Link | Resource |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1758 | Issue Tracking, Vendor Advisory |
| https://issues.redhat.com/browse/KEYCLOAK-13285 | Permissions Required, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-05-15T18:52:52
Updated: 2020-05-15T18:52:52
Reserved: 2019-11-27T00:00:00
Link: CVE-2020-1758
NVD Information
Status: Modified
Published: 2020-05-15T19:15:12.430
Modified: 2023-11-07T03:19:33.780
Link: CVE-2020-1758
Redhat Information
No data.