CVE-2024-1722

Name of the Vulnerable Software and Affected Versions Keycloak (affected versions not specified)

Description A flaw was found in Keycloak, which may allow a remote unauthenticated attacker to block other accounts from logging in under certain conditions. This issue is related to an overly restrictive mechanism for blocking user credentials. In realms set with "User (Self) registration", a user registered with a username in email format can be locked out using their username.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.