myhack58 | Anonymous | MYHACK58:62201787742
History: Jul 10, 2017 - 12:00 a.m.

Multiple serious vulnerabilities in a German e-government communications component could lead to breaches of data exchanged between government bodies (vulnerability warning)

2017-07-10 00:00:00 | Anonymous | www.myhack58.com | 482

EPSS: 0.001 (Low), percentile 30.8%

![](/Article/UploadPic/2017-7/20177108934463.jpg?www.myhack58.com)
On the eve of the G20 summit, Germany has been strengthening its network security considerably, including setting up an around-the-clock command centre. Most recently, security researchers at SEC-Consult found multiple serious vulnerabilities in the German e-government communications library for the Online Services Computer Interface (OSCI), which could allow an attacker to breach the data exchanged between government bodies. SEC-Consult's findings follow:
Brief description
The OSCI interface is used by German public authorities to exchange data; the OSCI transport protocol is the foundation of the German e-government information system and its mandatory communication protocol. OSCI is now widely used across German government systems in areas such as population registration, public health and the administration of justice. The protocol is designed to provide confidentiality, integrity, authenticity and non-repudiation over untrusted networks, giving e-government applications a secure, encrypted and legally valid channel for exchanging data.
A commonly used implementation of the protocol is the "OSCI-Transport" Java library, first developed in 2004 and maintained by the protocol's developers. In our recent vulnerability advisory we describe several effective attacks against the OSCI library. It was confirmed that an attacker can exploit an XXE injection vulnerability in the OSCI library to obtain internal file data from the system running the OSCI application. Building on this, once an attacker has access to the communication channel, they can under certain conditions also decrypt and forge part of the transmitted messages, among other serious operations. We have not yet performed a full security assessment of OSCI, so the existence of further vulnerabilities cannot be ruled out.
Technical overview of the OSCI protocol
To make the vulnerabilities easier to understand, here is a brief technical description of the OSCI protocol.
OSCI protocol version 1.2 is an XML-based, content-independent protocol in which communication is usually controlled by an intermediary component (the middleware). To start a communication, the sender must send a request message to this middleware. Before the message reaches the recipient, one of two scenarios applies:
- The middleware actively sends the message to the OSCI server, which receives it passively
- The OSCI server connects to the middleware and actively fetches the message
To protect the transmitted information, the OSCI protocol defines the following optional security mechanisms:
- The payload, i.e. the actual content of the message, is signed with the author's or sender's private key (content signature), which lets the recipient verify the authenticity of the content
- The payload is encrypted with the end recipient's public key (content encryption), ensuring that the content can be read only by the actual recipient and not by the middleware or any other third party
- Signing the OSCI message with the sender's private key lets the middleware or the recipient authenticate the sender and confirm that the transmitted message and its metadata have not been tampered with
- Encrypting the OSCI message with public-key encryption ensures that the communication between sender, middleware and recipient cannot be read by a third-party attacker
![](/Article/UploadPic/2017-7/20177108934826.png?www.myhack58.com)
Test setup
We focused our security test on version 1.6.1 of the OSCI Java library, whose source code is available for download. However, the library does not contain everything needed for a complete test, nor does it include the middleware code, so we wrote stub code to simulate the missing components. In the end we ran our attack tests against a slightly modified instance of the passive recipient sample, de.osci.osci12.samples.PassiveRecipient.
We did not test a complete OSCI production system or application, only a simple simulated security check; we therefore cannot rule out further vulnerabilities or attack paths.
The discovered vulnerabilities
From an attacker's perspective there are two main attack methods:
- Attacking the communication partner: the attacker tries to send the communication partner OSCI messages under the attacker's control, in order to compromise the partner
- Attacking the communication: the attacker tries to break the encryption and signatures of OSCI messages in order to gain access to their content
SEC-Consult found multiple vulnerabilities in version 1.6.1 of the OSCI protocol library and successfully tested each vulnerability in at least one communication scenario. Since these vulnerabilities seriously affect Germany's critical e-government systems, we will not publish specific exploit code and only describe the vulnerabilities.
Attacks on the OSCI server
XXE vulnerability - CVE-2017-10668
The OSCI message format is based on the XML standard, which includes the external entity feature; parsers with this feature enabled are typically susceptible to XML external entity (XXE) injection. The OSCI library explicitly enables this feature and is therefore vulnerable. Besides other security consequences such as denial of service, this vulnerability lets an attacker read files from the system. As with any XXE vulnerability there is a limit: if a file contains characters that XML forbids, such as & or non-printable characters, the attacker cannot retrieve it. The attack does not require access to the original messages; for a passive OSCI recipient, an attacker simply needs network access to reach it and carry out this or further attacks.
In our attack test we used the OSCI challenge/response feature, which allows the sender to specify an arbitrary value in the "Challenge" element; the recipient must then return that value in the "Response" element of the OSCI reply. We successfully carried out the XXE attack by supplying an entity reference in the Challenge element and obtaining the referenced data, such as local files, back in the Response element. In the passive recipient's source code we found that an attacker can send an unencrypted signed message to the OSCI service and thereby read arbitrary files from the system running the OSCI service.
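A hardened XML parser configuration for the reflection point just described, added here as an editor's example and not code from the OSCI-Transport library or from SEC-Consult: it refuses any DOCTYPE declaration, so a message carrying an entity reference in its Challenge element is rejected before the entity could be resolved, while a plain message still parses. The element names and the constructed sample message are assumptions, and the file path in it is a placeholder.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class OsciXmlHardening {

    // Constructed sample (element names are assumed, not OSCI's real schema): a message whose
    // DOCTYPE declares an external entity and references it from the Challenge element,
    // the reflection point the advisory describes. The file path is a placeholder.
    static final String MESSAGE_WITH_DOCTYPE =
        "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE Message [<!ENTITY ext SYSTEM \"file:///placeholder/path\">]>\n"
        + "<Message><Challenge>&ext;</Challenge></Message>";

    static final String PLAIN_MESSAGE = "<Message><Challenge>abc123</Challenge></Message>";

    // Hardened DocumentBuilder: the JDK default accepts DOCTYPE and expands external entities,
    // which is the configuration an XXE attack relies on. Disallowing DOCTYPE entirely is the
    // strongest fix; the remaining features are belt-and-braces for parsers that ignore it.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Returns true if the parser accepts the message, false if it rejects it at parse time.
    static boolean accepts(DocumentBuilder builder, String xml) throws Exception {
        try {
            Document doc = builder.parse(new InputSource(new StringReader(xml)));
            return doc.getDocumentElement() != null;
        } catch (SAXParseException e) {
            // Thrown on the DOCTYPE itself, before any entity could be resolved.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilder hardened = hardenedBuilder();
        System.out.println("message with DOCTYPE accepted: " + accepts(hardened, MESSAGE_WITH_DOCTYPE));
        System.out.println("plain message accepted: " + accepts(hardened, PLAIN_MESSAGE));
    }
}
```

The same feature settings apply to SAXParserFactory and XMLInputFactory (StAX) in the JDK; whichever parser the application uses for OSCI messages needs them.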
Java deserialization vulnerability
In addition, because the OSCI library's XML parser is wired into a Java deserialization utility, the XXE vulnerability can also be reached through a Java deserialization path. If an OSCI application:
- deserializes data from an untrusted source, and
- has the vulnerable OSCI library on its classpath,
then an attacker can send specially crafted serialized data to the OSCI application and trigger the Java deserialization vulnerability to mount an out-of-band XXE attack.
Attacks on OSCI messages
In our model the communication channel is assumed to be insecure, i.e. an attacker is able to sniff encrypted OSCI messages. The following figure shows this attack scenario:
![](/Article/UploadPic/2017-7/20177108934852.png?www.myhack58.com)
Breaking the encryption with a padding oracle attack - CVE-2017-10668
