CVE-2019-10201

Name of the Vulnerable Software and Affected Versions Keycloak versions up to 6.0.1

Description The issue is related to the SAML broker component, which does not properly verify missing message signatures. This allows an attacker to modify the SAML Response by removing the <Signature> sections, and the message is still accepted. As a result, the message can be modified, potentially enabling an attacker to impersonate other users and gain unauthorized access to sensitive information. The vulnerability is related to incorrect authentication in the SAML broker component, which can be exploited by a remote attacker to gain unauthorized access to the system by modifying the SAML response.

Recommendations For Keycloak versions up to 6.0.1, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.