Authentication bypass using an alternate path or channel in Keycloak - CVE-2021-3827
Published: January 20, 2022 / Updated: June 29, 2026
Keycloak
Detailed vulnerability description
The vulnerability allows a remote attacker who already holds a user's password to bypass two-factor authentication (2FA) for that user.
The vulnerability exists due to an error in the ECP SAML binding flow within keycloak-server-spi-private. A remote attacker can send a SOAP request containing a SAML AuthnRequest together with an Authorization header carrying the user's credentials; the ECP flow accepts those credentials without enforcing the user's second factor, so MFA is bypassed. Note that the attacker must still know the primary credentials: the flaw removes the second factor, not the password check.
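The request shape described above (a SOAP POST to the SAML endpoint carrying an AuthnRequest plus an Authorization header) is a concrete thing to hunt for in proxy or access logs, since legitimate ECP clients are rare in most deployments. The following triage script is an added example, not code from the advisory or from Keycloak; it assumes a hypothetical JSON-lines request log with `method`, `path`, `headers` and `body` fields and the standard Keycloak SAML endpoint path (`/realms/<realm>/protocol/saml`, optionally prefixed with `/auth` on older installs). The sample records are constructed, not real traffic.

```python
"""Flag requests matching the CVE-2021-3827 ECP pattern against Keycloak:
a SOAP request carrying a SAML AuthnRequest plus an Authorization header.

Added example, not Keycloak's code.  Log format and endpoint path are
assumptions; adjust both to the deployment being examined."""
import json
import re

# Assumed Keycloak SAML endpoint shape (older deployments prefix /auth).
SAML_PATH = re.compile(r"^/(?:auth/)?realms/[^/]+/protocol/saml(?:/|\?|$)")
SOAP_CONTENT_TYPES = ("application/soap+xml", "text/xml")
SOAP_ENVELOPE = re.compile(r"<(?:\w+:)?Envelope[\s>]")
AUTHN_REQUEST = re.compile(r"<(?:\w+:)?AuthnRequest[\s>]")


def _header(headers, name):
    """Case-insensitive header lookup; returns '' when the header is absent."""
    name = name.lower()
    for key, value in headers.items():
        if key.lower() == name:
            return value
    return ""


def classify(record):
    """Return 'ecp_with_credentials', 'ecp', or None for one request record.

    'ecp_with_credentials' is the advisory's pattern: a SOAP request to the
    SAML endpoint with an AuthnRequest and an Authorization header.  'ecp' is
    the same request without credentials, kept as a lower-severity signal.
    """
    if record.get("method", "").upper() != "POST":
        return None
    if not SAML_PATH.match(record.get("path", "")):
        return None
    headers = record.get("headers", {})
    content_type = _header(headers, "Content-Type").split(";")[0].strip().lower()
    body = record.get("body", "")
    is_soap = content_type in SOAP_CONTENT_TYPES or SOAP_ENVELOPE.search(body)
    if not (is_soap and AUTHN_REQUEST.search(body)):
        return None
    if _header(headers, "Authorization"):
        return "ecp_with_credentials"
    return "ecp"


def scan(lines):
    """Classify each JSON log line; return (line_index, client, verdict) hits."""
    hits = []
    for index, line in enumerate(lines):
        line = line.strip()
        if not line:
            continue
        verdict = classify(json.loads(line))
        if verdict:
            hits.append((index, json.loads(line).get("client", "?"), verdict))
    return hits


# Constructed sample records (not real traffic).
SAMPLE_LOG = [
    # Ordinary browser SSO: form-encoded SAMLRequest, no Authorization header.
    json.dumps({"client": "10.0.0.5", "method": "POST",
                "path": "/realms/corp/protocol/saml",
                "headers": {"Content-Type": "application/x-www-form-urlencoded"},
                "body": "SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdC4uLg%3D%3D"}),
    # ECP-style SOAP request with Basic credentials: the advisory's pattern.
    json.dumps({"client": "198.51.100.7", "method": "POST",
                "path": "/realms/corp/protocol/saml",
                "headers": {"Content-Type": "application/soap+xml",
                            "Authorization": "Basic YWxpY2U6aHVudGVyMg=="},
                "body": '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
                        '<soapenv:Body><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
                        ' ID="_1"/></soapenv:Body></soapenv:Envelope>'}),
    # Same SOAP shape without credentials: ECP in use, not yet the bypass.
    json.dumps({"client": "198.51.100.8", "method": "POST",
                "path": "/auth/realms/corp/protocol/saml",
                "headers": {"Content-Type": "text/xml; charset=utf-8"},
                "body": '<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body>'
                        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_2"/>'
                        '</S:Body></S:Envelope>'}),
    # OIDC token request with Basic client auth: different protocol, ignored.
    json.dumps({"client": "10.0.0.9", "method": "POST",
                "path": "/realms/corp/protocol/openid-connect/token",
                "headers": {"Content-Type": "application/x-www-form-urlencoded",
                            "Authorization": "Basic Y2xpZW50OnNlY3JldA=="},
                "body": "grant_type=client_credentials"}),
]

if __name__ == "__main__":
    for index, client, verdict in scan(SAMPLE_LOG):
        print(f"line {index}: {client} -> {verdict}")
```

Run against the constructed sample, only the two SOAP records are reported, and only the one carrying an Authorization header is tagged `ecp_with_credentials`. In practice, pair the hit with the Keycloak event log for the same user: a successful login for an account that has an OTP credential configured, but no OTP event in the same session, is the confirmation that the second factor was skipped.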