6.8

CVE-2021-3827

ECP SAML binding bypasses authentication flows

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.
Mögliche Gegenmaßnahme
Keycloak Server: Install latest version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatKeycloak Version < 18.0.0
RedhatSingle Sign-on Version7.0
RedhatSingle Sign-on Version7.5.0
   RedhatEnterprise Linux Version7.0
   RedhatEnterprise Linux Version8.0 SwEdition-
RedhatOpenshift Container Platform Version4.8
   RedhatEnterprise Linux Version8.0
RedhatOpenshift Container Platform Version4.9
   RedhatEnterprise Linux Version8.0
Weitere Schwachstelleninformationen
SystemKeycloak
Produkt Keycloak Server
Version < 18.0.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.87% 0.542
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 1.6 5.2
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://access.redhat.com/security/cve/CVE-2021-3827
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2007512
Vendor Advisory
Issue Tracking
https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d
Patch
Third Party Advisory
https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v
Third Party Advisory
https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v
Third Party Advisory