CVE-2021-3827 - log

CVE-2021-3827 edited at 04 Apr 2022 23:28:22
Notes
+ backported to 17.0.1-3 https://github.com/archlinux/svntogit-community/commit/d337b5e05da257868e1fec7eaa9544cb30fb6736
CVE-2021-3827 edited at 04 Apr 2022 22:23:05
References
https://bugzilla.redhat.com/show_bug.cgi?id=2007512
https://issues.redhat.com/browse/KEYCLOAK-19177
+ https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d
CVE-2021-3827 edited at 24 Sep 2021 09:44:20
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Authentication bypass
Description
+ A security issue was found in keycloak version 15 where because of the default ECP binding flow, any other authentication flow can be bypassed. By exploiting this behavior, an attacker would be able to bypass the MFA authentication by sending a SOAP request with AuthnRequest and Authorization header with the user credentials.
References
+ https://bugzilla.redhat.com/show_bug.cgi?id=2007512
+ https://issues.redhat.com/browse/KEYCLOAK-19177
CVE-2021-3827 created at 24 Sep 2021 09:43:27
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes