CVE - CVE-2021-3827

CVE-ID
CVE-2021-3827	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://access.redhat.com/security/cve/CVE-2021-3827 URL:https://access.redhat.com/security/cve/CVE-2021-3827 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2007512 URL:https://bugzilla.redhat.com/show_bug.cgi?id=2007512 MISC:https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d URL:https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d MISC:https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v URL:https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v
Assigning CNA
Red Hat, Inc.
Date Record Created
20210924	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20210924)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)