HIGH 7.4 Maven
Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client
GHSA-gqx7-6552-67hf · CVE-2026-45575
Published · Modified
Description
Impact
An attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery document. The forged document redirects u ri_puk_idp_enc and uri_puk_idp_sig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge response to the attacker's encryption key and POSTs it to the attacker's auth endpoint. This captures the signed authentication material.
Patches
Workarounds
None.
Resources
- MS-OVIVA-EPA4ALL-d453c1
Credits
Machine Spirits (contact@machinespirits.de)
- Dr. rer. nat. Simon Weber
- Dipl.-Inf. Volker Schönefeld
- Chiara Fliegner
References
- WEB https://github.com/oviva-ag/epa4all-client/security/advisories/GHSA-gqx7-6552-67hf
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-45575
- WEB https://github.com/oviva-ag/epa4all-client/pull/36
- WEB https://github.com/oviva-ag/epa4all-client/commit/9111d6fbb939007036a7f74b2a93bb278cb5af32
- PACKAGE https://github.com/oviva-ag/epa4all-client
- WEB https://github.com/oviva-ag/epa4all-client/releases/tag/v1.2.2
Ready to move
Start Securing
Free, no credit card | First findings in minutes