<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Thanks for pointing this. Will be fixed
in 1.5.0. <br>
<br>
Marek<br>
<br>
On 04/09/15 04:08, Kenyatta Clark wrote:<br>
</div>
<blockquote cite="mid:D20E6750.16ABD%25kclark@mbopartners.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div>
<div>
<div>We were testing mobile access scenarios and discovered
that we are able to obtain an access token using an AD user
with a blank password. Keycloak works as expected if the
password parameter is not sent, password sent is correct or
password sent is incorrect; however, when we send a password
without a value Keycloak returns an access token. We are
using Keycloak 1.4.0.Final. We have confirmed with the
issue using two different installations of 1.4.0.Final. We
have tested the same scenario with Keycloak 1.3.1.Final and
it works as expected.</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
font-size: 11pt;"><b><span style="font-family: Georgia,
serif; color: rgb(160, 11, 16);">Kenyatta Clark<o:p></o:p></span></b></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
font-size: 11pt;"><b><span style="font-family: Georgia,
serif; color: rgb(53, 52, 51);">Principal Engineer,
Systems Development<o:p></o:p></span></b></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
font-size: 11pt;"><span style="font-family: Georgia,
serif; color: rgb(53, 52, 51);">MBO Partners<o:p></o:p></span></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
font-size: 11pt;"><span style="font-family: Georgia,
serif; color: rgb(53, 52, 51);"> </span></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
font-size: 11pt;"><b><span style="font-family: Georgia,
serif; color: rgb(53, 52, 51);">t:</span></b><span
style="font-family: Georgia, serif; color: rgb(53, 52,
51);"> 703.793.6314</span></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
font-size: 11pt;"><b><span style="font-family: Georgia,
serif; color: rgb(53, 52, 51);">w:</span></b><span
style="font-family: Georgia, serif; color: rgb(53, 52,
51);"> <a moz-do-not-send="true"
href="http://www.mbopartners.com/" style="color:
purple;">www.mbopartners.com</a><o:p></o:p></span></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
font-size: 11pt;"><span style="font-family: Georgia,
serif; color: rgb(53, 52, 51);"><br>
</span></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
font-size: 11pt;"><img
src="cid:part2.08010309.05020902@redhat.com"
type="image/png"></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
font-size: 11pt;"><span style="font-size: 10pt;
font-family: Georgia, serif;"> </span></p>
<p class="MsoNormal" style="margin: 0in 0in 0.0001pt;
font-size: 11pt;"><span style="font-size: 7pt;
font-family: Georgia, serif; color: rgb(53, 52, 51);">Notice:
This email and any files transmitted with it are
confidential. They are intended solely for the use of
the individual addressed. If you have received this
email in error please notify <a moz-do-not-send="true"
href="mailto:postmaster@mbopartners.com"
style="color: purple;"><span style="color: rgb(53,
52, 51);">postmaster@mbopartners.com</span></a>and
permanently delete the e-mail and files.</span></p>
</div>
<br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>