CVE-2020-1744: Information Exposure
(updated )
A flaw was found in keycloak. When configuring a conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector
does not handle these events.
References
Detect and mitigate CVE-2020-1744 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →