Keycloak | writeups.xyz

Title	Vulnerabilities	Programs	Authors
You Can’t Always Win Racing the (Key)cloak	Race Condition LDAP Application-Level DoS	Keycloak	Maor Abutbul
POST to XSS: Leveraging Pseudo Protocols to Gain JavaScript Evaluation in SSO Flows	XSS SSO SAML OIDC OAuth	OneLogin Authentik FusionAuth Keycloak MiniOrange / Xecurify LemonLDAP:NG	Lauritz Holtmann (@_Lauritz_)
mTLS: When certificate authentication is done wrong	MTLS Improper Certificate Validation LDAP Injection SSRF	Keycloak Bouncy Castle Apereo CAS	Michael Stepankin (@Artsploit)
Vulnerability Spotlight: CVE-2023-0264	OIDC OAuth Broken Authentication Privilege Escalation Security Code Review	Keycloak	Timo Müller (@Mtimo44)
User impersonation via stolen UUID code in KeyCloak (CVE-2023-0264)	OAuth OIDC Privilege Escalation Broken Authentication	Keycloak	Jordi Zayuelas I Muñoz

Page 1 of 1