Hello,
We have a page where the user account details can be seen (the Keycloak
realm/account page).
On that page, the user can update his email address etc.
As part of security testing, we found that this page is vulnerable to
Cross-Site Request Forgery.
Is this a known issue, or should I report it in JIRA?
Also, is there a way to configure some security options in Keycloak to
prevent CSRF?
Regards, Ushanas.
On 23-Mar-2017 10:28 AM, "Ushanas Shastri" <ushanas(a)gmail.com> wrote:
Thank you, this works.
On 22 March 2017 at 21:39, Marko Strukelj <mstrukel(a)redhat.com> wrote:
You can add a new admin user by using the add-user-keycloak script:
https://keycloak.gitbooks.io/documentation/content/server_admin/topics/initialization.html.
Then you can log into the Admin Console and set a new password for
the original admin user.
On Wed, Mar 22, 2017 at 12:51 PM, Ushanas Shastri <ushanas(a)gmail.com>
wrote:
> Hello,
> How do I reset the admin password? I don't have the admin password, and
> want to be able to reset it like it was a new install.
>
> Regards, Ushanas.
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>