How severe is CVE-2021-3827?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2021-3827?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2021-3827 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.

Related Vulnerabilities

CVE-2014-2005

MEDIUM

CVSS:6.8(Medium)

Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically ...

CWE-2872014

CVE-2016-4484

MEDIUM

CVSS:6.8(Medium)

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.

CWE-2872016

CVE-2017-10709

MEDIUM

CVSS:6.8(Medium)

The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.

CWE-2872017

CVE-2017-12610

MEDIUM

CVSS:6.8(Medium)

In Apache Kafka 0.10.0.0 to 0.10.2.1 and 0.11.0.0 to 0.11.0.1, authenticated Kafka clients may use impersonation via a manually crafted protocol message with SASL/PLAIN or SASL/SCRAM authentication wh...

CWE-2872017

CVE-2017-15351

MEDIUM

CVSS:6.8(Medium)

The 'Find Phone' function in Huawei Honor V9 play smart phones with versions earlier than Jimmy-AL00AC00B135 has an authentication bypass vulnerability. Due to improper authentication realization in t...

CWE-2872017

CVE-2017-16242

MEDIUM

CVSS:6.8(Medium)

An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access...

CWE-2872017