A flaw was found in Keycloaks OIDC component in the checkLoginIframe, which allows unvalidated cross-origin messages. This flaw allows attackers to coordinate and send millions of requests in seconds using simple code, significantly impacting the applications availability without proper origin validation for incoming messages.
The product does not properly verify that the source of data or communication is valid.