secon-tool
Sender Impersonation via Certificate Issuer Validation Gap
When the certificate that signed an inbound message is not found directly in the recipient's directory, secon-tool verifies the certificate the message carries by locating its issuer in the directory and checking the issuer's signature over it, without checking that the matched issuer is a certificate authority. Any end-entity participant certificate present in the directory is therefore accepted as a signing authority. An enrolled participant who holds such a certificate's private key can mint a child certificate bearing an arbitrary subject name and have a message verified under that impersonated identity.
This advisory contains limited information during coordinated disclosure. Please check back later for full details.
Description
secon-tool is the open-source reference implementation of the GKV SECON security interface (Anlage 16), which signs and encrypts message exchange across the German statutory health insurance system. We appreciate the project's work on a clean, auditable foundation for this interface. We reported this finding privately to Techniker Krankenkasse in June 2026; they responded constructively and released a fix.
The fix makes the issuer lookup reject any certificate whose BasicConstraints does not mark it as a certificate authority, so an end-entity participant certificate can no longer act as a signing authority. This is a coordinated disclosure; the full technical writeup follows once the remediation window closes.
Impact
- An enrolled participant can forge a SECON message that the recipient, a Krankenkasse or Leistungserbringer, attributes to a different participant, using only their own legitimately issued certificate and its private key plus the recipient's public certificate. The reach depends on how the recipient's directory is populated: deployments that place end-entity participant certificates in the keystore secon-tool uses as its directory are affected, while a deployment that holds only certificate-authority certificates there and resolves participants over LDAP is not affected through this path. Where a consumer gates an authorization decision on the authenticated-sender identity, the attacker obtains the impersonated party's authorization, and the billing, membership, or DiGA record processed under the spoofed identity belongs to a real insured person.
Mitigation
Upgrade to secon-tool 1.2.3 or later, which rejects any issuer candidate that is not marked as a certificate authority. Until upgraded, operators can reduce exposure by auditing the keystore secon-tool uses as its directory and removing any end-entity (non-CA) participant certificates; where participant certificates must remain reachable, prefer an LDAP-based directory that holds only certificate-authority certificates.
References
How We Can Help
Who We Are
The security researchers behind this advisory.

Dr. rer. nat. Simon Weber
Senior Pentester & MedSec Researcher
I evaluate your SaMD with the same industry-defining security insight I contributed to the BAK MV for the revision of the B3S standard.
- PhD on Hospital Cybersecurity
- Critical vulnerabilities found in hospital systems
- Alumni of THB MedSec Research Group
- gematik Security Hero

Dipl.-Inf. Volker Schönefeld
Senior Application Security Expert
As a former CTO and developer turned pentester, I work alongside your team to uncover vulnerabilities and find solutions that fit your architecture.
- 20+ years as CTO, 50M+ app downloads
- Architected and secured large-scale IoT fleets
- Certified Web Exploitation Specialist
- gematik Security Hero
Looking for a Penetration Test?
Machine Spirits specializes in security assessments for medical devices and healthcare IT. From MDR penetration testing to C5 cloud compliance, we help MedTech companies meet regulatory requirements.
