CVE-2024-23674 - OpenCVE

The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from the card, aka the "sPACE (Spoofing Password Authenticated Connection Establishment)" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is "ensuring a secure operational environment at the client side is an obligation of the ID card owner."

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Ausweisapp	Online-ausweis-funktion

No data.

No data.

References

Link	Providers
https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1
https://www.ausweisapp.bund.de/
https://www.dropbox.com/scl/fi/2powlii0dnmr7p7v5ijhc/2024_German_eID_02_Spoofing_PACE_final.pdf?rlkey=nx0ffmmbq3hffgxsuqwf0f45z&dl=0
https://www.personalausweisportal.de/

History

Wed, 06 Nov 2024 18:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Ausweisapp Ausweisapp online-ausweis-funktion
Weaknesses		CWE-290
CPEs		cpe:2.3:a:ausweisapp:online-ausweis-funktion::::::::
Vendors & Products		Ausweisapp Ausweisapp online-ausweis-funktion
Metrics		cvssV3_1 `{'score': 9.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-02-15T00:00:00

Updated: 2024-11-06T17:24:04.694Z

Reserved: 2024-01-19T00:00:00

Link: CVE-2024-23674

Vulnrichment

Updated: 2024-08-01T23:06:25.298Z

NVD

Status : Awaiting Analysis

Published: 2024-02-15T23:15:08.827

Modified: 2024-11-06T18:35:05.950

Link: CVE-2024-23674

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-23674", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-06T17:24:04.694Z", "dateReserved": "2024-01-19T00:00:00", "datePublished": "2024-02-15T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-15T22:46:32.416619"}, "descriptions": [{"lang": "en", "value": "The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from the card, aka the \"sPACE (Spoofing Password Authenticated Connection Establishment)\" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is \"ensuring a secure operational environment at the client side is an obligation of the ID card owner.\""}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.personalausweisportal.de/"}, {"url": "https://www.ausweisapp.bund.de/"}, {"url": "https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1"}, {"url": "https://www.dropbox.com/scl/fi/2powlii0dnmr7p7v5ijhc/2024_German_eID_02_Spoofing_PACE_final.pdf?rlkey=nx0ffmmbq3hffgxsuqwf0f45z&dl=0"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.298Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.personalausweisportal.de/", "tags": ["x_transferred"]}, {"url": "https://www.ausweisapp.bund.de/", "tags": ["x_transferred"]}, {"url": "https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1", "tags": ["x_transferred"]}, {"url": "https://www.dropbox.com/scl/fi/2powlii0dnmr7p7v5ijhc/2024_German_eID_02_Spoofing_PACE_final.pdf?rlkey=nx0ffmmbq3hffgxsuqwf0f45z&dl=0", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-290", "lang": "en", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "affected": [{"vendor": "ausweisapp", "product": "online-ausweis-funktion", "cpes": ["cpe:2.3:a:ausweisapp:online-ausweis-funktion:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2024-02-15", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-11-06T17:23:59.838666Z", "id": "CVE-2024-23674", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-06T17:24:04.694Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-23674", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-11-06T17:24:04.694Z", "dateReserved": "2024-01-19T00:00:00", "datePublished": "2024-02-15T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-02-15T22:46:32.416619"}, "descriptions": [{"lang": "en", "value": "The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from the card, aka the \"sPACE (Spoofing Password Authenticated Connection Establishment)\" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is \"ensuring a secure operational environment at the client side is an obligation of the ID card owner.\""}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://www.personalausweisportal.de/"}, {"url": "https://www.ausweisapp.bund.de/"}, {"url": "https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1"}, {"url": "https://www.dropbox.com/scl/fi/2powlii0dnmr7p7v5ijhc/2024_German_eID_02_Spoofing_PACE_final.pdf?rlkey=nx0ffmmbq3hffgxsuqwf0f45z&dl=0"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:06:25.298Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.personalausweisportal.de/", "tags": ["x_transferred"]}, {"url": "https://www.ausweisapp.bund.de/", "tags": ["x_transferred"]}, {"url": "https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1", "tags": ["x_transferred"]}, {"url": "https://www.dropbox.com/scl/fi/2powlii0dnmr7p7v5ijhc/2024_German_eID_02_Spoofing_PACE_final.pdf?rlkey=nx0ffmmbq3hffgxsuqwf0f45z&dl=0", "tags": ["x_transferred"]}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.6, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23674", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-08-28T13:09:02.022900Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:ausweisapp:online-ausweis-funktion:*:*:*:*:*:*:*:*"], "vendor": "ausweisapp", "product": "online-ausweis-funktion", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2024-02-15"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-290", "description": "CWE-290 Authentication Bypass by Spoofing"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-27T20:45:07.962Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from the card, aka the \"sPACE (Spoofing Password Authenticated Connection Establishment)\" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is \"ensuring a secure operational environment at the client side is an obligation of the ID card owner.\""}, {"lang": "es", "value": "El esquema de identificaci\u00f3n electr\u00f3nica Online-Ausweis-Funktion en el documento nacional de identidad alem\u00e1n hasta el 15 de febrero de 2024 permite omitir la autenticaci\u00f3n mediante suplantaci\u00f3n de identidad. Un atacante intermediario puede asumir la identidad de la v\u00edctima para acceder a recursos gubernamentales, m\u00e9dicos y financieros, y tambi\u00e9n puede extraer datos personales de la tarjeta, tambi\u00e9n conocido como el problema \"sPACE (establecimiento de conexi\u00f3n autenticada con contrase\u00f1a suplantada)\". Esto ocurre debido a una combinaci\u00f3n de factores, como la entrada insegura del PIN (para lectores b\u00e1sicos) y los enlaces profundos eid://. La v\u00edctima debe estar utilizando un kernel de eID modificado, lo que puede ocurrir si se enga\u00f1a a la v\u00edctima para que instale una versi\u00f3n falsa de una aplicaci\u00f3n oficial. NOTA: la posici\u00f3n de BSI es \"garantizar un entorno operativo seguro en el lado del cliente es una obligaci\u00f3n del propietario de la tarjeta de identificaci\u00f3n\"."}], "id": "CVE-2024-23674", "lastModified": "2024-11-06T18:35:05.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-02-15T23:15:08.827", "references": [{"source": "cve@mitre.org", "url": "https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1"}, {"source": "cve@mitre.org", "url": "https://www.ausweisapp.bund.de/"}, {"source": "cve@mitre.org", "url": "https://www.dropbox.com/scl/fi/2powlii0dnmr7p7v5ijhc/2024_German_eID_02_Spoofing_PACE_final.pdf?rlkey=nx0ffmmbq3hffgxsuqwf0f45z&dl=0"}, {"source": "cve@mitre.org", "url": "https://www.personalausweisportal.de/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}