
med-united epa4all

VAU Server Authentication Bypass

The application does not verify the signature on the VAU server's signed public keys during the encrypted-channel handshake. An attacker on the network path to the ePA Aktensystem can present their own key material, complete the handshake, and read or modify all inner traffic — patient consent decisions, medication data, document uploads, and authorization tokens.

This advisory contains limited information during coordinated disclosure. Please check back later for full details.

Severity: Critical
CVSS: 9.1
CVSS 3.1 Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE: CWE-347 (Improper Verification of Cryptographic Signature)
Product: med-united epa4all
Affected Versions: 1.0.0-SNAPSHOT (all builds prior to the 2026-05-20 fix)
Fixed In: Patched on 2026-05-20 (adds certificate and hostname checks for lib-vau and a keystore based on the Telematik TSL)
GHSA: GHSA-vvh7-x6c7-46gh

Description

Per the vendor's advisory, the VAU handshake deserializes the cryptographic signature fields on the server's signed public keys but never uses them in any verification code path. The signatures are therefore dead data: any public key, signed by anyone or not signed at all, is accepted, so the ePA backend is not authenticated at the application layer.

An attacker positioned on the network path between epa4all and the ePA Aktensystem can substitute their own public keys during the handshake, derive the resulting session keys, and decrypt the encrypted channel. In the product's deployment model — an on-premise container in a doctor's practice — this attacker is any device on the clinical network.

Impact

  • An attacker on the network path to the ePA Aktensystem can complete the VAU handshake with substituted keys and obtain the session keys, gaining read and modify access to the inner traffic: patient consent decisions, medication data, document uploads, and authorization tokens.

Mitigation

Update to a build dated 2026-05-20 or later, which adds verification of the VAU server's certificate and signed public keys. No workaround exists for affected builds; transport-layer protection alone does not authenticate the VAU server.
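The following is an added illustration of the flaw described above and of the check the fix introduces; it is constructed for this page and is not code from epa4all or lib-vau. It models the VAU handshake as a signed ephemeral ECDH public key (the real VAU message layout, KDF and certificate-chain handling differ); the "trusted identity key" passed to the fixed client stands in for the certificate and TSL-keystore validation the patch adds, and the hostname check is not modelled. The names VulnerableClientHandshake, FixedClientHandshake, VAUServer and Attacker are assumptions for the example.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedPublicKey is a simplified stand-in for the VAU server's handshake
// message: an ephemeral ECDH public key plus a signature over it by the
// server's long-lived identity key. The real VAU message layout differs.
type SignedPublicKey struct {
	ECDHPub   []byte // uncompressed P-256 point
	Signature []byte // ASN.1 ECDSA signature over SHA-256(ECDHPub)
}

func digest(pub []byte) []byte { d := sha256.Sum256(pub); return d[:] }

// deriveKey is a toy KDF: SHA-256 over the raw ECDH shared secret.
func deriveKey(own *ecdh.PrivateKey, peerPub []byte) ([32]byte, error) {
	peer, err := ecdh.P256().NewPublicKey(peerPub)
	if err != nil {
		return [32]byte{}, err
	}
	shared, err := own.ECDH(peer)
	if err != nil {
		return [32]byte{}, err
	}
	return sha256.Sum256(shared), nil
}

// VAUServer holds a long-lived identity key (stand-in for the TSL-certified
// VAU certificate) and one ephemeral ECDH key per handshake.
type VAUServer struct {
	Identity *ecdsa.PrivateKey
	eph      *ecdh.PrivateKey
}

func NewVAUServer() (*VAUServer, error) {
	id, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &VAUServer{Identity: id}, err
}

// Hello emits the signed ephemeral public key that opens the handshake.
func (s *VAUServer) Hello() (SignedPublicKey, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return SignedPublicKey{}, err
	}
	s.eph = eph
	pub := eph.PublicKey().Bytes()
	sig, err := ecdsa.SignASN1(rand.Reader, s.Identity, digest(pub))
	return SignedPublicKey{ECDHPub: pub, Signature: sig}, err
}

func (s *VAUServer) SessionKey(clientPub []byte) ([32]byte, error) { return deriveKey(s.eph, clientPub) }

// VulnerableClientHandshake mirrors the advisory: Signature is deserialized
// but no code path ever verifies it, so the server is never authenticated.
func VulnerableClientHandshake(msg SignedPublicKey) ([]byte, [32]byte, error) {
	_ = msg.Signature // parsed, then dropped: this is the bug
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, [32]byte{}, err
	}
	key, err := deriveKey(eph, msg.ECDHPub)
	return eph.PublicKey().Bytes(), key, err
}

// FixedClientHandshake verifies the signature against a trusted identity key
// (stand-in for the patched certificate/TSL check) before any key agreement.
func FixedClientHandshake(msg SignedPublicKey, trusted *ecdsa.PublicKey) ([]byte, [32]byte, error) {
	if !ecdsa.VerifyASN1(trusted, digest(msg.ECDHPub), msg.Signature) {
		return nil, [32]byte{}, errors.New("VAU public key signature does not verify: refusing handshake")
	}
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, [32]byte{}, err
	}
	key, err := deriveKey(eph, msg.ECDHPub)
	return eph.PublicKey().Bytes(), key, err
}

// Attacker sits on the path between epa4all and the Aktensystem. It cannot
// sign with the server's identity key, so it forwards the original signature
// unchanged and relies on the client never checking it.
type Attacker struct{ eph *ecdh.PrivateKey }

func NewAttacker() (*Attacker, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	return &Attacker{eph: eph}, err
}

func (a *Attacker) Substitute(orig SignedPublicKey) SignedPublicKey {
	return SignedPublicKey{ECDHPub: a.eph.PublicKey().Bytes(), Signature: orig.Signature}
}

func (a *Attacker) SessionKey(clientPub []byte) ([32]byte, error) { return deriveKey(a.eph, clientPub) }

func main() {
	srv, _ := NewVAUServer()
	hello, _ := srv.Hello()
	atk, _ := NewAttacker()
	forged := atk.Substitute(hello)
	cpub, ckey, _ := VulnerableClientHandshake(forged)
	akey, _ := atk.SessionKey(cpub)
	fmt.Println("vulnerable client shares its session key with the attacker:", ckey == akey)
	_, _, err := FixedClientHandshake(forged, &srv.Identity.PublicKey)
	fmt.Println("fixed client rejects substituted key:", err != nil)
}
```

Run it and the vulnerable client completes the handshake with the attacker's key and ends up sharing a session key with the attacker, while the fixed client refuses the same message because the forwarded signature no longer matches the substituted public key. Note that TLS between the practice and the Aktensystem does not help here: the VAU channel is the application-layer authentication of the backend, and only a check of the signed keys against trusted certificate material closes the hole.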

Who We Are

The security researchers behind this advisory.

Dr. rer. nat. Simon Weber

Senior Pentester & MedSec Researcher

I evaluate your SaMD with the same industry-defining security insight I contributed to the BAK MV for the revision of the B3S standard.

  • PhD on Hospital Cybersecurity
  • Critical vulnerabilities found in hospital systems
  • Alumnus of THB MedSec Research Group
  • gematik Security Hero
Dipl.-Inf. Volker Schönefeld

Senior Application Security Expert

As a former CTO and developer turned pentester, I work alongside your team to uncover vulnerabilities and find solutions that fit your architecture.

  • 20+ years as CTO, 50M+ app downloads
  • Architected and secured large-scale IoT fleets
  • Certified Web Exploitation Specialist
  • gematik Security Hero

Looking for a Penetration Test?

Machine Spirits specializes in security assessments for medical devices and healthcare IT. From MDR penetration testing to C5 cloud compliance, we help MedTech companies meet regulatory requirements.