CVE-2026-45575
HIGH7.4EPSS 0.01%Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all-client
Description
### Impact An attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery document. The forged document redirects u ri_puk_idp_enc and uri_puk_idp_sig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge response to the attacker's encryption key and POSTs it to the attacker's auth endpoint. This captures the signed authentication material. ### Patches [#36](https://github.com/oviva-ag/epa4all-client/pull/36) ### Workarounds None. ### Resources - MS-OVIVA-EPA4ALL-d453c1 ### Credits [Machine Spirits](https://machinespirits.com/) ([[email protected]](mailto:[email protected])) - Dr. rer. nat. Simon Weber - Dipl.-Inf. Volker Schönefeld - Chiara Fliegner
Affected packages (1)
- Maven/com.oviva.telematik:epa4all-clientfrom 0, < 1.2.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
References (5)
- PATCHhttps://github.com/oviva-ag/epa4all-client
- WEBhttps://github.com/oviva-ag/epa4all-client/commit/9111d6fbb939007036a7f74b2a93bb278cb5af32
- WEBhttps://github.com/oviva-ag/epa4all-client/pull/36
- WEBhttps://github.com/oviva-ag/epa4all-client/releases/tag/v1.2.2
- WEBhttps://github.com/oviva-ag/epa4all-client/security/advisories/GHSA-gqx7-6552-67hf