Signature Bypass / Authentication Bypass in Governikus Autent SDK

Project Description

The German government-issued identity card (nPA) allows German citizens to prove their identity not only in person but also to online services, using the card's embedded RFID chip. A critical security vulnerability in the Governikus Autent SDK enables an attacker to impersonate arbitrary users to affected web applications.

A blog post on this topic has also been published: English | German


EOF W. Ettlinger / @2018




Project Details