{"id":"CVE-2021-3827","details":"A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.","aliases":["GHSA-4pc7-vqv5-5r3v"],"modified":"2026-04-11T21:23:11.633344Z","published":"2022-08-23T16:15:10.030Z","related":["GHSA-4pc7-vqv5-5r3v"],"references":[{"type":"ADVISORY","url":"https://github.com/keycloak/keycloak/security/advisories/GHSA-4pc7-vqv5-5r3v"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2021-3827"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2007512"},{"type":"FIX","url":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/keycloak/keycloak","events":[{"introduced":"0"},{"fixed":"ef47eee2dda29a0f08187ae67970323c28947f11"},{"introduced":"0"},{"last_affected":"e6a274ea0e31c6572e795f3372f006c88122539b"},{"introduced":"0"},{"last_affected":"2a62b605927b143402b907da74b3385af9f1497f"},{"fixed":"44000caaf5051d7f218d1ad79573bd3d175cad0d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"18.0.0"},{"introduced":"0"},{"last_affected":"7.0"},{"introduced":"0"},{"last_affected":"4.8"}]}}],"versions":["1.0-alpha-1","1.0-alpha-1-12062013","1.0-alpha-2","1.0-alpha-3","1.0-beta-1","1.0-beta-2","1.0-beta-4","1.0-final","1.0-rc-1","1.0.0.Final","1.1.0.Beta2","1.3.0.Final","2.4.0.Test","4.8.0.Final","7.0.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"4.9"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3827.json","vanir_signatures":[{"digest":{"length":218,"function_hash":"212520189598204178500964708070234797586"},"source":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","deprecated":false,"target":{"function":"loginRequest","file":"services/src/main/java/org/keycloak/protocol/saml/profile/ecp/SamlEcpProfileService.java"},"signature_version":"v1","id":"CVE-2021-3827-0ce03a52","signature_type":"Function"},{"digest":{"length":967,"function_hash":"337609130849563125041671062038873152750"},"source":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","deprecated":false,"target":{"function":"authenticate","file":"services/src/main/java/org/keycloak/protocol/saml/profile/ecp/SamlEcpProfileService.java"},"signature_version":"v1","id":"CVE-2021-3827-0f20571d","signature_type":"Function"},{"digest":{"length":571,"function_hash":"229822663848810032433486863252380922536"},"source":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","deprecated":false,"target":{"function":"getSAMLAttributes","file":"testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/clients/AbstractClientTest.java"},"signature_version":"v1","id":"CVE-2021-3827-28653c2b","signature_type":"Function"},{"digest":{"line_hashes":["215631491411821070735376067293962108975","153274152995229797125408961090909558014","196906707112998722270429638704590139521"],"threshold":0.9},"source":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","deprecated":false,"target":{"file":"services/src/main/java/org/keycloak/protocol/saml/SamlClient.java"},"signature_version":"v1","id":"CVE-2021-3827-28d450a3","signature_type":"Line"},{"digest":{"line_hashes":["303113043750418129978948625143359276695","50600244543103772106103076178352133789","53199942007266921693907482212773939756","300331519814893254396376102106874850542","177642077267557112949817193022767895774","201640588455627099057551455880302069007","132191498884138545855130154810077282660","33074117328358666953762908824175643007","174665203706532660485280429815132231673","312036669604126178477304735812201591625","187696191168375888130994474940785440993","154166949919666895295004725385238123568","232464218934570735464771003828110683891","109738459045191713589074003524583212459","324800613511599023792950666231392306391","38727632609551529204256312903936643559","155382758246502914120443924506367729642","245697714257191739408878735336936515937","265464357186111349375911640630801083816","187911743487843818094175935460594876358"],"threshold":0.9},"source":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","deprecated":false,"target":{"file":"services/src/main/java/org/keycloak/protocol/saml/profile/ecp/SamlEcpProfileService.java"},"signature_version":"v1","id":"CVE-2021-3827-54b9c5f9","signature_type":"Line"},{"digest":{"line_hashes":["242208758497214254032276970629661874084","92786398114558933779208644309221700376","319183704959866635175550306817086900890","218860084448227716502231274369250366898","184214818657965614289254117886226648911","267821224645019617484266030885081106641","247588290786554071760075432191110629104","325429256297616887990440082106330935940","274430695167334970725585165938921011266","36161509126850640871188678028296929299","240604975300362109378643260920622173318","131768632528878448803158444790371295139","106773418870468777690420752724497242021","192169984922763104231261301706465935877"],"threshold":0.9},"source":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","deprecated":false,"target":{"file":"testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/saml/SOAPBindingTest.java"},"signature_version":"v1","id":"CVE-2021-3827-55123f95","signature_type":"Line"},{"digest":{"line_hashes":["340219240950948077348739593903278686649","130147151841730810456753002980713389147","270636818886313678145718310748278658077"],"threshold":0.9},"source":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","deprecated":false,"target":{"file":"services/src/main/java/org/keycloak/protocol/saml/SamlProtocolFactory.java"},"signature_version":"v1","id":"CVE-2021-3827-5ab2182a","signature_type":"Line"},{"digest":{"line_hashes":["248376261775518755884085016100021397800","241159967194685929503018579458896404917"],"threshold":0.9},"source":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","deprecated":false,"target":{"file":"services/src/main/java/org/keycloak/protocol/saml/SamlConfigAttributes.java"},"signature_version":"v1","id":"CVE-2021-3827-6711d089","signature_type":"Line"},{"digest":{"line_hashes":["72214456052989565771379347775731267671","269748710327618109730855313997807446944","110567558295193260292399838623466549971"],"threshold":0.9},"source":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","deprecated":false,"target":{"file":"services/src/main/java/org/keycloak/protocol/saml/SamlRepresentationAttributes.java"},"signature_version":"v1","id":"CVE-2021-3827-9dd4849d","signature_type":"Line"},{"digest":{"length":143,"function_hash":"15474601392909960575014213533422232984"},"source":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","deprecated":false,"target":{"function":"newBrowserAuthentication","file":"services/src/main/java/org/keycloak/protocol/saml/profile/ecp/SamlEcpProfileService.java"},"signature_version":"v1","id":"CVE-2021-3827-bb88962b","signature_type":"Function"},{"digest":{"line_hashes":["262448539613015048050468235855552886857","161577943999875728619213063088740100855","139479522431928068460446647230805072198","57027836670440250492580950285133141047","25447803686384105175420968018674080952","61626490176544290083774503397687046298","235062060019871467180772940324765782232"],"threshold":0.9},"source":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","deprecated":false,"target":{"file":"testsuite/integration-arquillian/tests/other/console/src/main/java/org/keycloak/testsuite/console/page/clients/settings/ClientSettingsForm.java"},"signature_version":"v1","id":"CVE-2021-3827-c9193e5f","signature_type":"Line"},{"digest":{"length":1090,"function_hash":"92195846826912487523187516165704135296"},"source":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","deprecated":false,"target":{"function":"setupClientDefaults","file":"services/src/main/java/org/keycloak/protocol/saml/SamlProtocolFactory.java"},"signature_version":"v1","id":"CVE-2021-3827-d454da2d","signature_type":"Function"},{"digest":{"line_hashes":["261382111650982316217373406955032870749","7580793112656923761660827935395635737","57497680790517225217297284316347312734","314814614031498990191621479315114542648","272989190597646595465045792083163895908","9490103238962051827470928930238024525","229769017734929162994427375062378599112","14969731917488955508659134847527781240","251410923360235723437317991576722681085","249709805156436776357546495028473612139","132727765054566970678779110334979206145","185002285512663754688403608150642255192"],"threshold":0.9},"source":"https://github.com/keycloak/keycloak/commit/44000caaf5051d7f218d1ad79573bd3d175cad0d","deprecated":false,"target":{"file":"testsuite/integration-arquillian/tests/other/console/src/test/java/org/keycloak/testsuite/console/clients/AbstractClientTest.java"},"signature_version":"v1","id":"CVE-2021-3827-e11b9ac8","signature_type":"Line"}],"vanir_signatures_modified":"2026-04-11T21:23:11Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}