PT-2022-10657 · Red Hat · Keycloak
Michael Kaplan · Published 2022-08-26 · Updated 2024-06-12 · CVE-2021-3754
CVSS v3.1: 5.3 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Keycloak (affected versions not specified)
Description
A flaw was found in Keycloak where an attacker can register an account whose username is identical to an existing user's email address. This may interfere with password-recovery emails if the affected user forgets their password. The problem arises because Keycloak allows an email address to be used as a username and does not check whether an account with that email already exists, so the affected user may have difficulty resetting their password or logging in with their email.
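The missing check described above, as an added illustration that is not Keycloak's own code: a registration validator over a constructed in-memory user store that rejects a chosen username when it collides with another account's email address (and, going beyond the advisory, the symmetric case of an email that collides with another account's username). The `Account` type, the sample accounts and the case-insensitive comparison are assumptions of this example.

```python
# Added example (not Keycloak's code): registration validation that refuses a
# username colliding with another account's email address.
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    username: str
    email: str


# Constructed sample store standing in for the identity provider's user database.
EXISTING_ACCOUNTS = [
    Account(username="alice", email="alice@example.com"),
    # A user who legitimately chose their email as their username.
    Account(username="bob@example.com", email="bob@example.com"),
]


def _norm(value: str) -> str:
    # Assumption: usernames and emails are compared case-insensitively,
    # as most identity providers do when matching login identifiers.
    return value.strip().lower()


def validate_registration(username: str, email: str, accounts=EXISTING_ACCOUNTS) -> list[str]:
    """Return the reasons the registration must be rejected (empty list = accept)."""
    errors = []
    u, e = _norm(username), _norm(email)
    taken_usernames = {_norm(a.username) for a in accounts}
    taken_emails = {_norm(a.email) for a in accounts}

    if u in taken_usernames:
        errors.append("username already taken")
    # The check the advisory says is missing: a new username must not equal
    # another account's email, otherwise email-based login and password
    # recovery for that account become ambiguous.
    if u in taken_emails and u != e:
        errors.append("username collides with another account's email address")
    if e in taken_emails:
        errors.append("email already registered")
    # Symmetric case: a new email equal to an existing account's username.
    if e in taken_usernames and e != u:
        errors.append("email collides with another account's username")
    return errors


if __name__ == "__main__":
    # The scenario from the advisory: registering alice's email as a username.
    print(validate_registration("alice@example.com", "mallory@example.com"))
    print(validate_registration("carol", "carol@example.com"))
```

Run stand-alone, the first call reports the collision with alice's email and the second (a fresh username and email) reports no errors; in a real deployment the same comparison belongs in the registration flow and in any admin or API path that sets a username.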
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS · RCE
Related Identifiers
Affected Products
Keycloak