Abstractj

**Name of the Vulnerable Software and Affected Versions** Keycloak (affected versions not specified) **Description** A flaw was found in Keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an `AuthnRequest` and `Authorization` header with the user's credentials, specifically the `username` and `password`. The highest threat from this issue is to confidentiality and integrity. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.