Dies ist eine Chaos
Germany's e-government system is open to padding oracle attacks and other vulnerabilities because of an insecure communications protocol. According to this SEC-Consult advisory, which landed on Friday, the problems are in the OSCI-Transport Library version 1.2, for which a common implementation is in Java. OSCI, the Online Services Computer Interface, is the foundation of Germany's e-government. It's meant to provide secure, confidential, and legally-binding transmission over untrusted networks ...