Signature Bypass / Authentication Bypass In Governikus Autent SDK

Title

Signature Bypass / Authentication Bypass

Product

Governikus Autent SDK

Vulnerable Version

<=3.8.1

Fixed Version

3.8.1.2

CVE Number

Impact

critical

Homepage

https://www.governikus.de/

Found

31.05.2018

W. Ettlinger (Office Vienna) | SEC Consult Vulnerability Lab

The German government-issued identity card (nPA) allows German citizens to prove their identity not only in person, but also against online services (by using the embedded RFID chip). A critical security vulnerability in the Governikus Autent SDK enables an attacker to impersonate arbitrary users against affected web applications.

An additional blog post has been published on this topic as well: English | German

Zum vollständigen Advisory (Englisch).

EOF W. Ettlinger / @2018

Interesse an einer Zusammenarbeit mit den Experten von SEC Consult? Senden Sie uns Ihre Bewerbung. Möchten Sie Ihre eigene Cyber-Sicherheit mit den Experten von SEC Consult verbessern? Kontaktieren Sie unsere lokalen Büros.

Zurück

Signature Bypass / Authentication Bypass In Governikus Autent SDK

Wir nutzen Cookies

Technisch erforderlich

Analyse / Statistik

Matomo