CVE-2024-23674

{"id": "CVE-2024-23674", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 2.8}]}, "published": "2024-02-15T23:15:08.827", "references": [{"url": "https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1", "source": "cve@mitre.org"}, {"url": "https://www.ausweisapp.bund.de/", "source": "cve@mitre.org"}, {"url": "https://www.dropbox.com/scl/fi/2powlii0dnmr7p7v5ijhc/2024_German_eID_02_Spoofing_PACE_final.pdf?rlkey=nx0ffmmbq3hffgxsuqwf0f45z&dl=0", "source": "cve@mitre.org"}, {"url": "https://www.personalausweisportal.de/", "source": "cve@mitre.org"}, {"url": "https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.ausweisapp.bund.de/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.dropbox.com/scl/fi/2powlii0dnmr7p7v5ijhc/2024_German_eID_02_Spoofing_PACE_final.pdf?rlkey=nx0ffmmbq3hffgxsuqwf0f45z&dl=0", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.personalausweisportal.de/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-290"}]}], "descriptions": [{"lang": "en", "value": "The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from the card, aka the \"sPACE (Spoofing Password Authenticated Connection Establishment)\" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is \"ensuring a secure operational environment at the client side is an obligation of the ID card owner.\""}, {"lang": "es", "value": "El esquema de identificaci\u00f3n electr\u00f3nica Online-Ausweis-Funktion en el documento nacional de identidad alem\u00e1n hasta el 15 de febrero de 2024 permite omitir la autenticaci\u00f3n mediante suplantaci\u00f3n de identidad. Un atacante intermediario puede asumir la identidad de la v\u00edctima para acceder a recursos gubernamentales, m\u00e9dicos y financieros, y tambi\u00e9n puede extraer datos personales de la tarjeta, tambi\u00e9n conocido como el problema \"sPACE (establecimiento de conexi\u00f3n autenticada con contrase\u00f1a suplantada)\". Esto ocurre debido a una combinaci\u00f3n de factores, como la entrada insegura del PIN (para lectores b\u00e1sicos) y los enlaces profundos eid://. La v\u00edctima debe estar utilizando un kernel de eID modificado, lo que puede ocurrir si se enga\u00f1a a la v\u00edctima para que instale una versi\u00f3n falsa de una aplicaci\u00f3n oficial. NOTA: la posici\u00f3n de BSI es \"garantizar un entorno operativo seguro en el lado del cliente es una obligaci\u00f3n del propietario de la tarjeta de identificaci\u00f3n\"."}], "lastModified": "2024-11-21T08:58:08.697", "sourceIdentifier": "cve@mitre.org"}