Vulnerability discovered in e-government communication
Researchers have recently discovered a critical vulnerability affect governmental sectors such as public health systems, population registration, and justice system. The flaw resides in the secure communication protocol.
Basically, the OSCI-Transport communication library which is widely used and critical to the German e-government has multiple vulnerabilities enabling attackers to view and interfere with the messages. The OSCI-Transport is a secure channel and is the required communication protocol that serves the foundation of e-government,
According to experts, some of the OSCI safeguards can be broken through the usage of a XML Entity Injection attack allowing him to to read local files on communication partner’s system. In addition, a hacker with access to the system could potential not only decrypt parts of messages, but forge them.