Red Hat · Keycloak · CVE-2020-35509
**Name of the Vulnerable Software and Affected Versions**
Keycloak versions 11.0.3 through 13.0.0
**Description**
A flaw was found in the direct-grant authenticator of Keycloak, where an expired certificate would be accepted because the certificate's validity period was not checked against the current time (missing timestamp validation). The highest threat from this issue is to data confidentiality and integrity.
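What the missing validation amounts to, as an added example that is not Keycloak's own code: a hypothetical helper that decodes the DER `Validity` field of an X.509 certificate and rejects any certificate used outside its notBefore/notAfter window. All function names and the sample input are constructed here; a real deployment would apply the check to the certificate presented on each direct-grant request.

```python
# Hypothetical validity-window check (not Keycloak code) for the DER
# ``Validity`` SEQUENCE of an X.509 certificate, RFC 5280 section 4.1.2.5.
from datetime import datetime, timedelta, timezone

ASN1_SEQUENCE, ASN1_UTCTIME, ASN1_GENERALIZEDTIME = 0x30, 0x17, 0x18

def read_tlv(buf: bytes, pos: int):
    """Return (tag, contents, next_pos) for one short-form DER element."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form lengths not needed for a Validity SEQUENCE")
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def parse_asn1_time(tag: int, value: bytes) -> datetime:
    """Decode UTCTime (YYMMDDHHMMSSZ, 1950..2049 pivot) or GeneralizedTime."""
    text = value.decode("ascii")
    if not text.endswith("Z"):
        raise ValueError("DER time values must be in Zulu (UTC) form")
    if tag == ASN1_UTCTIME:
        yy = int(text[:2])
        century = 1900 if yy >= 50 else 2000  # RFC 5280 section 4.1.2.5.1
        text = f"{century + yy}{text[2:]}"
    elif tag != ASN1_GENERALIZEDTIME:
        raise ValueError(f"unexpected time tag 0x{tag:02x}")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def parse_validity(der: bytes):
    """Parse ``Validity ::= SEQUENCE { notBefore Time, notAfter Time }``."""
    tag, body, _ = read_tlv(der, 0)
    if tag != ASN1_SEQUENCE:
        raise ValueError("Validity must be a SEQUENCE")
    tag1, val1, nxt = read_tlv(body, 0)
    tag2, val2, _ = read_tlv(body, nxt)
    return parse_asn1_time(tag1, val1), parse_asn1_time(tag2, val2)

def certificate_time_valid(der_validity: bytes, now: datetime,
                           skew: timedelta = timedelta(minutes=5)) -> bool:
    """The missing check: notBefore <= now <= notAfter; skew tolerates clock drift."""
    not_before, not_after = parse_validity(der_validity)
    return (not_before - skew) <= now <= (not_after + skew)

def encode_validity(not_before: str, not_after: str) -> bytes:
    """Build constructed sample input: two UTCTime values in a SEQUENCE."""
    def utc(s): return bytes([ASN1_UTCTIME, len(s)]) + s.encode("ascii")
    body = utc(not_before) + utc(not_after)
    return bytes([ASN1_SEQUENCE, len(body)]) + body

# Constructed sample: a certificate whose validity ended on 2020-12-31 UTC.
EXPIRED_2020 = encode_validity("200101000000Z", "201231235959Z")
```

Without this check, a client could authenticate with `EXPIRED_2020` months after its notAfter; with it, only requests inside the window (plus the skew tolerance) pass.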
**Recommendations**
For Keycloak versions 11.0.3 through 12.0.0, update to version 14.0.0 to fully resolve the issue.
For Keycloak version 13.0.0, update to version 14.0.0 for a complete fix; version 13.0.1 only partially addresses the issue.
As a temporary workaround, consider restricting the use of the direct-grant authenticator until a patch is applied.