CVE-2026-45575

Published: Mag 26, 2026 Last Modified: Mag 26, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,4

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: none

Description

AI Translation Available

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery document. The forged document redirects uri_puk_idp_enc and uri_puk_idp_sig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge response to the attacker's encryption key and POSTs it to the attacker's auth endpoint. This captures the signed authentication material. This vulnerability is fixed in 1.2.2.

347

Improper Verification of Cryptographic Signature

Draft

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Access Control Integrity Confidentiality

Potential Impacts:

Gain Privileges Or Assume Identity Modify Application Data Execute Unauthorized Code Or Commands

Applicable Platforms

All platforms may be affected

View CWE Details

https://github.com/oviva-ag/epa4all-client/pull/36

https://github.com/oviva-ag/epa4all-client/security/advisor…

https://github.com/oviva-ag/epa4all-client/security/advisories/GHSA-gqx7-6552-6…

CVE-2026-45575

Description

Improper Verification of Cryptographic Signature

Common Consequences

Applicable Platforms

Iscriviti alla newsletter