Signature Bypass / Authentication Bypass in Governikus Autent SDK

Project Description

The German government-issued identity card (nPA) allows German citizens to prove their identity not only in person but also to online services, using the embedded RFID chip. A critical security vulnerability in the Governikus Autent SDK enables an attacker to impersonate arbitrary users to affected web applications.

An additional blog post has been published on this topic as well: English | German


EOF W. Ettlinger / @2018




Project Details
