keycloak is vulnerable to information disclosure. The vulnerability exists because it does not properly handle the session expiration of previously logged out user, allowing a malicious user to access the information of previous user in the account manager section .