A flaw was found in keycloak as shipped in Red Hat Single Sign-On 7.4 where IDN homograph attacks are possible. A malicious user can register himself with a name already registered and trick admin to grant him extra privileges.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Single_sign-on | Redhat | 7.4 (including) | 7.4 (including) |