GSD-2024-23674

Vulnerability from gsd - Updated: 2024-01-20 06:02
Details
The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from the card, aka the "sPACE (Spoofing Password Authenticated Connection Establishment)" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is "ensuring a secure operational environment at the client side is an obligation of the ID card owner."
Aliases
To clipboard 

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-23674"
      ],
      "details": "The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim\u0027s identify for access to government, medical, and financial resources, and can also extract personal data from the card, aka the \"sPACE (Spoofing Password Authenticated Connection Establishment)\" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is \"ensuring a secure operational environment at the client side is an obligation of the ID card owner.\"",
      "id": "GSD-2024-23674",
      "modified": "2024-01-20T06:02:17.642485Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-23674",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim\u0027s identify for access to government, medical, and financial resources, and can also extract personal data from the card, aka the \"sPACE (Spoofing Password Authenticated Connection Establishment)\" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is \"ensuring a secure operational environment at the client side is an obligation of the ID card owner.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.personalausweisportal.de/",
            "refsource": "MISC",
            "url": "https://www.personalausweisportal.de/"
          },
          {
            "name": "https://www.ausweisapp.bund.de/",
            "refsource": "MISC",
            "url": "https://www.ausweisapp.bund.de/"
          },
          {
            "name": "https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1",
            "refsource": "MISC",
            "url": "https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1"
          },
          {
            "name": "https://www.dropbox.com/scl/fi/2powlii0dnmr7p7v5ijhc/2024_German_eID_02_Spoofing_PACE_final.pdf?rlkey=nx0ffmmbq3hffgxsuqwf0f45z\u0026dl=0",
            "refsource": "MISC",
            "url": "https://www.dropbox.com/scl/fi/2powlii0dnmr7p7v5ijhc/2024_German_eID_02_Spoofing_PACE_final.pdf?rlkey=nx0ffmmbq3hffgxsuqwf0f45z\u0026dl=0"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim\u0027s identify for access to government, medical, and financial resources, and can also extract personal data from the card, aka the \"sPACE (Spoofing Password Authenticated Connection Establishment)\" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is \"ensuring a secure operational environment at the client side is an obligation of the ID card owner.\""
          },
          {
            "lang": "es",
            "value": "El esquema de identificaci\u00f3n electr\u00f3nica Online-Ausweis-Funktion en el documento nacional de identidad alem\u00e1n hasta el 15 de febrero de 2024 permite omitir la autenticaci\u00f3n mediante suplantaci\u00f3n de identidad. Un atacante intermediario puede asumir la identidad de la v\u00edctima para acceder a recursos gubernamentales, m\u00e9dicos y financieros, y tambi\u00e9n puede extraer datos personales de la tarjeta, tambi\u00e9n conocido como el problema \"sPACE (establecimiento de conexi\u00f3n autenticada con contrase\u00f1a suplantada)\". Esto ocurre debido a una combinaci\u00f3n de factores, como la entrada insegura del PIN (para lectores b\u00e1sicos) y los enlaces profundos eid://. La v\u00edctima debe estar utilizando un kernel de eID modificado, lo que puede ocurrir si se enga\u00f1a a la v\u00edctima para que instale una versi\u00f3n falsa de una aplicaci\u00f3n oficial. NOTA: la posici\u00f3n de BSI es \"garantizar un entorno operativo seguro en el lado del cliente es una obligaci\u00f3n del propietario de la tarjeta de identificaci\u00f3n\"."
          }
        ],
        "id": "CVE-2024-23674",
        "lastModified": "2024-02-16T13:37:55.033",
        "metrics": {},
        "published": "2024-02-15T23:15:08.827",
        "references": [
          {
            "source": "cve@mitre.org",
            "url": "https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://www.ausweisapp.bund.de/"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://www.dropbox.com/scl/fi/2powlii0dnmr7p7v5ijhc/2024_German_eID_02_Spoofing_PACE_final.pdf?rlkey=nx0ffmmbq3hffgxsuqwf0f45z\u0026dl=0"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://www.personalausweisportal.de/"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Awaiting Analysis"
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.