CVE-2021-3827

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.

CVSS v3.0 6.8 MEDIUM

6.8^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d	Patch Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2007512	Issue Tracking Vendor Advisory
https://access.redhat.com/security/cve/CVE-2021-3827	Vendor Advisory
https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v	Third Party Advisory

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:single_sign-on:7.0:::::::*
	cpe:2.3:a:redhat:keycloak::::::::

Configuration 2 (hide)

AND

cpe:2.3:a:redhat:single_sign-on:7.5.0:*:*:*:*:*:*:*

OR	cpe:2.3:o:redhat:enterprise_linux:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0::::-:::

Configuration 3 (hide)

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.8:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.9:::::::*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Information

Published : 2022-08-23 09:15

Updated : 2022-11-30 10:46

NVD link : CVE-2021-3827

Mitre link : CVE-2021-3827

JSON object : View

CWE

CWE-287

Improper Authentication

Advertisement

Products Affected

redhat

enterprise_linux
single_sign-on
keycloak
openshift_container_platform

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d", "name": "https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2007512", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2007512", "tags": ["Issue Tracking", "Vendor Advisory"], "refsource": "MISC"}, {"url": "https://access.redhat.com/security/cve/CVE-2021-3827", "name": "https://access.redhat.com/security/cve/CVE-2021-3827", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v", "name": "https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v", "tags": ["Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-287"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-3827", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.6}}, "publishedDate": "2022-08-23T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "18.0.0"}]}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:7.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-11-30T18:46Z"}