News

Researchers find leaks in German government communication system

By admin
Spread the love

Researchers at the Austrian security firm SEC Consult have found leaks in a collection of protocols for the German E-Government system. This enables communication between government agencies and between the government and the citizen, among other things.

It concerns leaks in the so-called OSCI, which forms the basis of the German E-Government system. The researchers focused on OSCI’s Java library. They found several vulnerabilities in it. For example, it is possible to read data on a target’s system via modified XML data or to carry out a dos attack. In addition, it was possible to crack encryption, because outdated algorithms are used.

Another leak made it possible to modify the content of a signed message without invalidating the signature. The company has, among other things, collaborated with the German BSI to close the leaks found. The necessary patches have already been released.

OSCI, or online services computer interface, is supposed to ‘provide a secure format for the exchange of data’. According to SEC Consult, the system is used for public care, civil status, documents, registration of persons and communication within the Ministry of Justice. The OSCI protocol is based on XML and is usually sent over HTTP connections, the company said.

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Microsoft announces Bing Chat Enterprise and Copilot pricing for businesses

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Igor’s Lab shares specs LGA1851 socket Arrow Lake: PCIe 5.0 SSDs and more pins