CVE-2021-3827

Source
Severity High
Remote Yes
Type Authentication bypass
Description
A security issue was found in Keycloak 15. The SAML ECP (Enhanced Client or Proxy) binding flow is enabled by default and performs its own credential check, so it can be used to sidestep any other authentication flow configured for the realm or client. An attacker who holds a user's credentials can bypass MFA by sending a SOAP request containing a SAML AuthnRequest to the SAML endpoint, with an Authorization header carrying those credentials; the ECP flow authenticates the user without running the configured MFA steps.
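The request shape the description refers to is a SOAP envelope whose body carries a samlp:AuthnRequest, sent with an Authorization header. The following is an added detection example, not code from the Arch tracker or from the Keycloak project: it classifies an inbound request to a SAML endpoint as browser-style or ECP-style, and flags ECP requests that also carry Basic credentials. The request objects and log samples are constructed; the endpoint path suffix (/protocol/saml) and the header layout are assumptions about the deployment, and a real deployment would feed this from its own access logs or a reverse-proxy hook.

```python
"""Flag ECP-style SAML requests that carry credentials (CVE-2021-3827 shape).

Added example, not part of the Arch tracker page or the Keycloak code base.
Assumptions (not from the page): requests are represented as a path, a header
dict and a raw body; the SAML endpoint path ends in /protocol/saml.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
# Note: for untrusted XML in production, prefer defusedxml over xml.etree.
import xml.etree.ElementTree as ET

SOAP11_ENV = "http://schemas.xmlsoap.org/soap/envelope/"
SOAP12_ENV = "http://www.w3.org/2003/05/soap-envelope"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"


@dataclass(frozen=True)
class Request:
    path: str
    headers: Dict[str, str]  # header names in any case; normalised below
    body: bytes


def is_ecp_envelope(body: bytes) -> bool:
    """True when the body is a SOAP 1.1/1.2 envelope with a samlp:AuthnRequest
    in its Body element, which is what an ECP client sends to the IdP."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False
    for env in (SOAP11_ENV, SOAP12_ENV):
        if root.tag != "{%s}Envelope" % env:
            continue
        body_el = root.find("{%s}Body" % env)
        if body_el is not None and body_el.find("{%s}AuthnRequest" % SAMLP) is not None:
            return True
    return False


def classify(req: Request) -> Optional[str]:
    """Return None for non-SAML paths, otherwise one of:
    'browser' (form or redirect binding), 'ecp' (SOAP envelope, no credentials)
    or 'ecp-basic-credentials' (SOAP envelope plus Basic Authorization header),
    the last being the request shape the advisory describes."""
    if not req.path.rstrip("/").endswith("/protocol/saml"):  # assumed endpoint layout
        return None
    if not is_ecp_envelope(req.body):
        return "browser"
    headers = {k.lower(): v for k, v in req.headers.items()}
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        return "ecp-basic-credentials"
    return "ecp"


def scan(requests: List[Request]) -> List[Tuple[str, str]]:
    """Return (path, verdict) for every request that hits a SAML endpoint."""
    out = []
    for req in requests:
        verdict = classify(req)
        if verdict is not None:
            out.append((req.path, verdict))
    return out


# Constructed samples (not captured traffic). The ECP body is a minimal
# SOAP 1.1 envelope wrapping an AuthnRequest; the browser sample is a
# POST-binding form body.
ECP_BODY = b"""<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
  <S:Header/>
  <S:Body>
    <samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        ID="_example" Version="2.0" IssueInstant="2021-09-23T00:00:00Z"/>
  </S:Body>
</S:Envelope>"""

SAMPLES = [
    Request("/realms/demo/protocol/saml", {"Content-Type": "application/x-www-form-urlencoded"},
            b"SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdC8%2B"),
    Request("/realms/demo/protocol/saml", {"Content-Type": "text/xml"}, ECP_BODY),
    Request("/realms/demo/protocol/saml",
            {"Content-Type": "text/xml", "Authorization": "Basic YWxpY2U6aHVudGVyMg=="},
            ECP_BODY),
    Request("/realms/demo/protocol/openid-connect/token", {}, b"grant_type=password"),
]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLES):
        print(path, verdict)
```

In a deployment where MFA is required, any 'ecp-basic-credentials' hit against a realm that has not disabled the ECP flow is worth an alert; the 'ecp' verdict alone is normal traffic for legitimate ECP clients.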
Group     Package   Affected   Fixed   Severity   Status       Ticket
AVG-1332  keycloak  15.0.2-1           High       Vulnerable
References
https://bugzilla.redhat.com/show_bug.cgi?id=2007512
https://issues.redhat.com/browse/KEYCLOAK-19177