Signature Bypass / Authentication Bypass in Governikus Autent SDK

Project Description

The German government-issued identity card (nPA) allows German citizens to prove their identity not only in person but also to online services, using the card's embedded RFID chip. A critical security vulnerability in the Governikus Autent SDK enables an attacker to impersonate arbitrary users against affected web applications.

An additional blog post on this topic has been published in English and German.


EOF W. Ettlinger / @2018


