Bug 2096994 (CVE-2022-2232) - CVE-2022-2232 keycloak: LDAP injection on username input

Key Information:
Bug ID: 2096994
CVE ID: CVE-2022-2232
Product: Security Response
Component: vulnerability
Version: unspecified
Severity: low
Reported: 2022-06-14 16:48 UTC by Pedro Sampaio
Modified: 2024-02-08 06:29 UTC
Environment: Not specified
Last Closed: Not specified
Embargoed: Not specified

Doc Text:
A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions.

Description:
In the Username Form (where you enter only the username without password) one can enter for example "" or "a" or something else and it is accepted.
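The class of flaw described above comes from placing form input into an LDAP search filter without escaping it. The following is an added example, not Keycloak's code or its fix: it escapes a username per RFC 4515 and compares the result with unescaped concatenation, using an assumed `uid` attribute, a constructed directory and a toy single-filter evaluator.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Constructed sample directory (not taken from the bug report).
DIRECTORY = ["alice", "bob", "a*b"]


def escape_filter_value(value: str) -> str:
    """Escape user input so it can only be a literal value, never filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def naive_filter(username: str) -> str:
    # Vulnerable pattern: the form input is concatenated into the filter as-is.
    return f"(uid={username})"


def safe_filter(username: str) -> str:
    # Hardened pattern: the input is escaped before it reaches the filter.
    return f"(uid={escape_filter_value(username)})"


def _unescape(text: str) -> str:
    # Turn \XX hex escapes back into the characters they stand for.
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), text)


def matching_users(ldap_filter: str, directory: list[str]) -> list[str]:
    """Toy evaluator for one (uid=...) filter; an unescaped '*' is a wildcard."""
    m = re.fullmatch(r"\(uid=(.*)\)", ldap_filter, re.S)
    if m is None or "(" in m.group(1) or ")" in m.group(1):
        raise ValueError("filter structure was altered by the input")
    parts = [re.escape(_unescape(p)) for p in m.group(1).split("*")]
    pattern = re.compile(".*".join(parts), re.S)
    return [user for user in directory if pattern.fullmatch(user)]


if __name__ == "__main__":
    for name in ["alice", "*", "a*b"]:  # constructed inputs
        print(repr(name), matching_users(naive_filter(name), DIRECTORY),
              matching_users(safe_filter(name), DIRECTORY))
```

With escaping in place, a username made of filter metacharacters matches only an entry whose name literally contains those characters.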