Signature Bypass / Authentication Bypass in Governikus Autent SDK

Project Description

The German government-issued identity card (nPA) allows German citizens to prove their identity not only in person but also to online services, using the card's embedded RFID chip. A critical security vulnerability in the Governikus Autent SDK enables an attacker to impersonate arbitrary users against affected web applications.

An additional blog post has been published on this topic as well: English | German

 

EOF W. Ettlinger / @2018

 

 


Project Details