João Mendes

**Name of the Vulnerable Software and Affected Versions** Keycloak (affected versions not specified) **Description** A flaw in the URL validation logic during redirect operations allows an attacker to bypass validation and redirect users to unauthorized URLs. This occurs when Keycloak clients are configured with a wildcard (*) in the "Valid Redirect URIs" field. The issue arises from a discrepancy between Keycloak and the Java URI implementation regarding the handling of the user-info component of a URL. Specifically, if a redirect URL contains multiple @ characters in the user-info section, the Java URI parser fails to extract the user-info, causing Keycloak to fall back to a wildcard comparison and incorrectly permit the redirect. Successful exploitation requires user interaction. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.