VDB
KO
HIGH 7.8

PYSEC-2026-828

keycloak-httpd-client-install Insecure Secrets

Details

keycloak-httpd-client-install versions before 0.8 allow users to insecurely pass password through command line, leaking it via command history and process info to other local users.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / keycloak-httpd-client-install
Introduced in: 0 Fixed in: 0.8
Fix pip install --upgrade 'keycloak-httpd-client-install>=0.8'

References