Ad Guardian PlusNews

Vulnerabilities in the Europe’s Digital Identity System, patched

User-wondering-what-happens

European authorities released a patch for the eIDAS system. The electronic Identification, ONEhandedness and trust Services is the official software package that government organizations run on servers to support eIDAS-friendly transactions. The system was created to conduct cross-border electronic transactions that can be verified against official databases in any country.

Last week, SEC Consult security researchers found two vulnerabilities that could allow attackers to pretend to be any EU citizens or businesses. The released patch makes two security flaws that may allow an attacker to pose any EU citizen or business during official transactions. The cryptographically secure electronic system was created in 2014 for managing electronic transactions and digital signatures between EU Member States, citizens and businesses.

As it has a critical role, any vulnerability can allow attackers to interfere with the EU official transactions (tax payments, bank transfers etc.). Researchers discovered that the current versions of the eIDAS-Node package could not validate certificates used in eIDAS operations. Thus, the attackers could forge the certificate from any other eIDAS citizen or company.

In a potential attack, one has to only initiate a malicious connection to an eIDA-Node server in any Member State and provide forged certificates during the approval process.

“We do not have detailed information about the configuration or additional security measures for the installed production systems. We are therefore unable to provide information on the Member State concerned to what degree,” mentioned Wolfgang Ettlinger, SEC Consult Senior Security Consultant, for ZDNet.

Although the representatives of the European Commission’s CONNECT department declined to comment the incident publicly, a patch was released, together with a reminder to national administrators to get patching.

Related posts
Ad Guardian PlusNews

Google removed 1.700 infected apps

Ad Guardian PlusNews

10.000 attacks per minute from Iran

NewsParenting Tips

Best Apps and Software To Observe Your Kid's Online Activities

NewsParenting Tips

10 Ways to Keep Kids Safe from Cyberbullying

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our
BitGuardian Newsletter

Stay updated with the latest security news and updates for the products you need.

Choose your favorite: