CVE-2024-23674
📋 TL;DR
This vulnerability allows man-in-the-middle attackers to bypass authentication in Germany's Online-Ausweis-Funktion eID scheme, enabling identity theft for accessing government, medical, and financial services. Attackers can also extract personal data from identity cards. Users are affected when tricked into installing malicious eID kernel software.
💻 Affected Systems
- German National Identity card Online-Ausweis-Funktion eID scheme
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete identity theft allowing unauthorized access to sensitive government systems, medical records, and financial accounts, plus extraction of all personal data from identity cards.
Likely Case
Targeted attacks against individuals for identity fraud, unauthorized access to online services, and personal data theft.
If Mitigated
Limited impact with proper client-side security controls and user awareness about software installation.
🎯 Exploit Status
Exploitation requires man-in-the-middle position and victim interaction (installing malicious software). Detailed technical analysis and proof-of-concept available in public research.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after 2024-02-15
Vendor Advisory: https://www.ausweisapp.bund.de/
Restart Required: Yes
Instructions:
1. Update to latest version of AusweisApp2 from official sources. 2. Ensure all eID-related software is from verified official sources. 3. Follow BSI recommendations for secure operational environment.
🔧 Temporary Workarounds
Use secure card readers
allUse card readers with secure PIN entry mechanisms instead of basic readers
Disable eid:// deeplinking
allConfigure systems to block or require confirmation for eid:// protocol handlers
🧯 If You Can't Patch
- Implement strict network segmentation and monitoring for eID-related traffic
- Enforce user training about only installing software from official sources and recognizing phishing attempts
🔍 How to Verify
Check if Vulnerable:
Check if using eID software versions dated before 2024-02-15 or if system has been modified with unofficial eID kernelCheck Version:
Check application version in AusweisApp2 settings or system documentationVerify Fix Applied:
Verify AusweisApp2 version is latest from official source and check for security updates applied after 2024-02-15📡 Detection & Monitoring
Log Indicators:
- Unexpected eID authentication attempts
- Multiple failed authentication attempts followed by successful login
- Unusual eid:// protocol handler activations
Network Indicators:
- Man-in-the-middle patterns in eID authentication traffic
- Unusual network connections during eID sessions
SIEM Query:
source="eid_auth" AND (status="success" AFTER status="failure" WITHIN 5s) OR protocol="eid" AND src_ip!=expected_ip🔗 References
- https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1
- https://www.ausweisapp.bund.de/
- https://www.dropbox.com/scl/fi/2powlii0dnmr7p7v5ijhc/2024_German_eID_02_Spoofing_PACE_final.pdf?rlkey=nx0ffmmbq3hffgxsuqwf0f45z&dl=0
- https://www.personalausweisportal.de/
- https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1
- https://www.ausweisapp.bund.de/
- https://www.dropbox.com/scl/fi/2powlii0dnmr7p7v5ijhc/2024_German_eID_02_Spoofing_PACE_final.pdf?rlkey=nx0ffmmbq3hffgxsuqwf0f45z&dl=0
- https://www.personalausweisportal.de/
