CVE-2026-44900 - epa4all-client has a VAU Signature bypass
📡 GitHub-Advisory · 2026-05-08
GHSA-g8r3-5hwf-qp96 HIGH maven/com.oviva.telematik:epa4all-client
CVE: CVE-2026-44900
Impact
In SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify(). The method performs certificate chain validation, an OCSP check and signature algorithm setup, but never acts on whether the signature actually matches the signed data: for any structurally valid (parseable) signature it returns true, so a signed public key carrying a signature produced with an arbitrary key is accepted as trusted. Only a malformed signature that makes verify() throw is rejected.
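The defect is the discarded-return-value pattern on java.security.Signature. The following is an added example, not code from epa4all-client (class and method names are illustrative): it puts the vulnerable shape next to the corrected one and exercises both with a genuine signature, a well-formed ECDSA signature from an attacker-controlled key, and a genuine signature over tampered data. With the return value discarded, all three pass; with the fix, only the genuine one does.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;

/**
 * Illustrative example of the bug class in the advisory: an ECDSA check
 * whose Signature.verify() result is thrown away. Names are invented for
 * this demo and are not taken from epa4all-client.
 */
public class DiscardedVerifyDemo {

    private static final String ALG = "SHA256withECDSA";

    /** Vulnerable shape: verify() runs, but its boolean is discarded. */
    static boolean isTrustedVulnerable(PublicKey trustedKey, byte[] data, byte[] sig) {
        try {
            Signature v = Signature.getInstance(ALG);
            v.initVerify(trustedKey);
            v.update(data);
            v.verify(sig);              // result ignored: a false is never acted on
            return true;                // only a thrown exception (e.g. malformed DER) reaches the catch
        } catch (GeneralSecurityException e) {
            return false;
        }
    }

    /** Fixed shape: the boolean from verify() is the trust decision. */
    static boolean isTrustedFixed(PublicKey trustedKey, byte[] data, byte[] sig) {
        try {
            Signature v = Signature.getInstance(ALG);
            v.initVerify(trustedKey);
            v.update(data);
            return v.verify(sig);       // false when sig does not match data under trustedKey
        } catch (GeneralSecurityException e) {
            return false;               // unparsable signature or wrong key type is also untrusted
        }
    }

    static byte[] sign(KeyPair signer, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initSign(signer.getPrivate());
        s.update(data);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        KeyPair trusted = kpg.generateKeyPair();    // stands in for the key the chain/OCSP checks vouch for
        KeyPair attacker = kpg.generateKeyPair();   // any key the attacker controls

        // Constructed sample payload standing in for the signed public-key blob.
        byte[] payload = "constructed sample: signed VAU public key".getBytes(StandardCharsets.UTF_8);

        byte[] genuine = sign(trusted, payload);
        byte[] forged = sign(attacker, payload);    // well-formed DER ECDSA signature, wrong key
        byte[] tampered = payload.clone();
        tampered[0] ^= 0x01;                        // genuine signature, but over different data

        PublicKey pub = trusted.getPublic();
        System.out.println("genuine  vulnerable=" + isTrustedVulnerable(pub, payload, genuine)
                + " fixed=" + isTrustedFixed(pub, payload, genuine));
        System.out.println("forged   vulnerable=" + isTrustedVulnerable(pub, payload, forged)
                + " fixed=" + isTrustedFixed(pub, payload, forged));
        System.out.println("tampered vulnerable=" + isTrustedVulnerable(pub, tampered, genuine)
                + " fixed=" + isTrustedFixed(pub, tampered, genuine));
    }
}
```

Compile and run with `javac DiscardedVerifyDemo.java && java DiscardedVerifyDemo`. When auditing a code base for the same shape, look for every `.verify(` call whose result is neither returned nor compared; static checkers that flag ignored return values (SpotBugs' RV_RETURN_VALUE_IGNORED family, Error Prone's CheckReturnValue) catch it mechanically, and a unit test that feeds a signature from a fresh, untrusted key and expects rejection catches it at build time.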
Patches
Patched in #34.
Workarounds
None.
Credits
Machine Spirits (contact@machinespirits.de)
- Dr. rer. nat. Simon Weber
- Dipl.-Inf. Volker Schönefeld
- Chiara Fliegner