Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from the card, aka the "sPACE (Spoofing Password Authenticated Connection Establishment)" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is "ensuring a secure operational environment at the client side is an obligation of the ID card owner."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
German National Identity card 安全漏洞
Vulnerability Description
German National Identity card是一种身份认证机制及载体。 German National Identity card Online-Ausweis-Funktion eID存在安全漏洞,该漏洞源于允许通过欺骗绕过身份验证。
CVSS Information
N/A
Vulnerability Type
N/A