keycloak-saml-core is vulnerable to sensitive information disclosure. The vulnerability exists because, when SAML messages are parsed, the StaxParserUtil class replaces strings in attribute values with the values of system properties. An attacker can therefore pass a chosen system property name in the ID field of a SAML request and receive a response that contains that system property's value in the InResponseTo field.
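
A defensive check for the behaviour described above, as an added example that is not part of the original advisory or of Keycloak's code: it audits captured SAML protocol messages for ID and InResponseTo values that carry a property placeholder or are not valid xs:ID values. The `${name}` placeholder form is an assumption (the advisory does not state the syntax), and the function name and sample messages are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
# Assumption: placeholders look like ${name}; the advisory does not give the syntax.
PLACEHOLDER = re.compile(r"\$\{[^}]*\}")
# ASCII subset of the xs:ID (NCName) lexical rule that SAML identifiers must follow.
NCNAME = re.compile(r"[A-Za-z_][A-Za-z0-9._-]*")


def audit_saml_message(xml_text):
    """Return (element, attribute, reason) findings for one SAML protocol message."""
    if "<!DOCTYPE" in xml_text:
        # SAML messages never need a DTD; refusing it avoids entity-expansion input.
        raise ValueError("DOCTYPE not allowed in SAML messages")
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if not elem.tag.startswith(SAMLP):
            continue
        local = elem.tag[len(SAMLP):]
        for attr in ("ID", "InResponseTo"):
            value = elem.get(attr)
            if value is None:
                continue
            if PLACEHOLDER.search(value):
                # Request side: a placeholder where an opaque identifier belongs.
                findings.append((local, attr, "property placeholder"))
            elif not NCNAME.fullmatch(value):
                # Response side: a reflected value that is not a well-formed identifier.
                findings.append((local, attr, "not a valid xs:ID"))
    return findings


# Constructed sample messages (not captured traffic).
NS = 'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
CLEAN = f'<samlp:AuthnRequest {NS} ID="_a1b2c3" Version="2.0"/>'
SUSPECT = f'<samlp:AuthnRequest {NS} ID="${{example.property}}" Version="2.0"/>'
REFLECTED = f'<samlp:Response {NS} ID="_r1" InResponseTo="/constructed/value"/>'

if __name__ == "__main__":
    for name, msg in (("clean", CLEAN), ("suspect", SUSPECT), ("reflected", REFLECTED)):
        print(name, audit_saml_message(msg))
```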