A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality.
{ "cwe_ids": [ "CWE-209", "CWE-522" ], "severity": "HIGH", "github_reviewed_at": "2022-08-30T20:24:22Z", "github_reviewed": true, "nvd_published_at": "2022-08-22T15:15:00Z" }