Realm Master Secret Leaked


I’m studying the security of Keycloak, and I want to know what security impact the leakage of the Realm Master Secret Leaked could have? If an attacker obtains this key without any other authentication, what he could do to the system?



What do you mean by ‘master secret’ ? The admin console password ?
As far i know, the private keys used for SAML or oAUTH are not accessible, at least easily, but if these leak, this could allow attackers from modify the SAML or oAUTH responses and gain any access to your SPs


1 Like