epa4all-client CVE-2026-45575
HIGHSeverity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
2Blast Radius
ecosystem impact- 1 maven packages depend on com.oviva.telematik:epa4all-client (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 1.2.2.
DescriptionGitHub Advisory
Impact
An attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery document. The forged document redirects u ri_puk_idp_enc and uri_puk_idp_sig to attacker-controlled URLs. The client then encrypts the SMC-B-signed challenge response to the attacker's encryption key and POSTs it to the attacker's auth endpoint. This captures the signed authentication material.
Patches
Workarounds
None.
Resources
- MS-OVIVA-EPA4ALL-d453c1
Credits
Machine Spirits ([contact@machinespirits.de](mailto:contact@machinespirits.de))
- Dr. rer. nat. Simon Weber
- Dipl.-Inf. Volker Schönefeld
- Chiara Fliegner
AnalysisAI
Authentication bypass in epa4all-client allows MITM attackers positioned within the TI (Telematikinfrastruktur) network to capture SMC-B-signed authentication material by substituting a forged OIDC discovery document. The vulnerability affects all versions prior to 1.2.2 and requires the attacker to intercept TLS connections between the client and Identity Provider. No public exploit identified at time of analysis.
Technical ContextAI
The epa4all-client is a Java library (Maven package com.oviva.telematik:epa4all-client) used in Germany's healthcare telematics infrastructure for electronic patient records (ePA). The vulnerability stems from improper verification of cryptographic signatures (CWE-347) in OIDC discovery documents. During authentication, the client fetches a discovery document that specifies encryption and signature verification endpoints. Without proper validation of the document's authenticity, an attacker can redirect uri_puk_idp_enc and uri_puk_idp_sig to attacker-controlled URLs, causing the client to encrypt sensitive authentication responses using the attacker's public key.
RemediationAI
Vendor-released patch: upgrade to epa4all-client version 1.2.2 or later. The fix is available through standard Maven dependency updates. Technical details of the patch can be reviewed at https://github.com/oviva-ag/epa4all-client/pull/36. The vendor explicitly states no workarounds are available, making immediate patching the only remediation option. Organizations unable to patch immediately should monitor for suspicious authentication patterns and consider enhanced network segmentation within the TI infrastructure to limit potential MITM positions.
More in Jwt Attack
View allWhy is Microsoft republishing a CVE from 2013? We are republishing CVE-2013-3900 in the Security Update Guide to update
Authentication bypass in SimpleHelp 5.5.15 and prior (plus 6.0 pre-release builds) allows remote unauthenticated attacke
Authentication bypass in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows unauthenticated remote attackers to
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Rated critical severity (CVS
The package jsrsasign before 10.5.25 are vulnerable to Improper Verification of Cryptographic Signature when JWS or JWT
A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. Rated criti
A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.27
A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work
The Ruby SAML library is for implementing the client side of a SAML authorization. Rated critical severity (CVSS 9.8), t
cosign is a container signing and verification utility. Rated critical severity (CVSS 9.8), this vulnerability is remote
Biscuit is an authentication and authorization token for microservices architectures. Rated critical severity (CVSS 9.8)
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-gqx7-6552-67hf