9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2019-14910

GHSA ID

GHSA-jf86-9434-f8c2

EPSS Score

0.62114%

CWE

CWE-278

Published

5/24/2022

Updated

9/26/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2019-14910

CVE-2019-14910: Keycloak Authentication Error

A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server (ldaps), in this case user authentication succeeds even if invalid password has entered.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2019-14910

CVE-2019-14910:

9.8

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2019-14910

GHSA ID

GHSA-jf86-9434-f8c2

EPSS Score

0.62114%

CWE

CWE-278

Published

5/24/2022

Updated

9/26/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.keycloak:keycloak-parent	maven	>= 7.0.0, <= 7.0.1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability arises from improper handling of StartTLS in LDAP authentication. Keycloak's LDAP connection setup (LDAPUtils.createLDAPConnection) likely fails to enforce proper certificate validation or error handling during StartTLS negotiation, leaving the connection in an insecure state. The password validation function (LDAPIdentityStore.validatePassword) then proceeds with authentication without verifying the TLS-secured bind operation's success. This combination allows invalid passwords to be accepted when StartTLS is misconfigured. The CWEs (278, 295) and symptom description align with these functions' responsibilities in secure connection handling and authentication checks.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

9.8

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2019-14910: Keycloak Authentication Error

CVE-2019-14910:

9.8

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

9.8

9.8

CVE-2019-14910: Keycloak Authentication Error

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI