CVE-2021-3827

Severity: 6.8 MEDIUM
EPSS: 0.2% (top 56.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 23

Description

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 1.6 | Impact: 5.2

Affected Packages (4 packages)

NVD: redhat/keycloak < 18.0.0
CVEList V5: keycloak, fixed in v18.0.0
NVD: redhat/single_sign-on 7.0, 7.5.0 (+1)

Also affects: Openshift Container Platform 4.8, 4.9

Patches

Vulnerability Details (3)

CVEList: CVE-2021-3827: A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed (2022-08-23)
GHSA: ECP SAML binding bypasses authentication flows (2022-04-27)
OSV: ECP SAML binding bypasses authentication flows (2022-04-27)

Vendor Advisories (1)

Red Hat: keycloak-server-spi-private: ECP SAML binding bypasses authentication flows (2021-09-02)

Source: cvebase.io, CVE-2021-3827 (MEDIUM, CVSS 6.8)