epa4all-client versions prior to 1.2.2 fail to validate TLS certificates when connecting to the Konnektor, enabling network-path attackers to intercept sensitive healthcare communications. The vulnerability allows presentation of arbitrary certificates—self-signed, expired, or with incorrect common names—without rejection by the client. This TLS verification bypass exposes patient identifiers (KVNR), SMC- [truncated]
epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment (e.g., following the production Docker example in the README), this is exploitable from the local network without credentials.
epa4all-client versions prior to 1.2.2 are vulnerable to a man-in-the-middle (MITM) attack targeting the TLS connection between the client and the Identity Provider (IDP) within the Telematik Infrastruktur (TI) network. An attacker positioned to intercept this connection can substitute a forged discovery document that redirects the `uri_puk_idp_enc` and `uri_puk_idp_sig` endpoints to attacker-controlled U [truncated]