‘The electronic IDentification, Authentication and trust Services‘
The vulnerabilities could be exploited by attackers to impersonate any EU citizen or business during official transactions.
“During a short crash test SEC Consult identified a critical vulnerability in the
The vulnerabilities fixed by the European authorities affect the
The vulnerabilities have been reported by security experts at SEC Consult, the first issue is described as Certificate Faking, the second one as Missing Certificate Validation.
The experts provided the following description of the sequence of authentication in their advisory: “If an Italian citizen wants to authenticate against a German online service, first the German
The researchers at SEC Consult
“Due to insufficient certificate verification the European Commission
The attacker has to initiate a malicious connection to an
The experts also included a