Machine Spirits Logo
All Advisories

Oviva epa4all-client

VAU Signature Verification Bypass

In SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA verification of the VAU server's signed public keys discards the boolean return value of Signature.verify(). The method falls through to return true regardless of whether the signature is valid, allowing a network attacker to substitute their own keys into the VAU handshake.

This advisory contains limited information during coordinated disclosure. Please check back later for full details.

Authored byChiara Fliegner, Volker Schönefeld, Simon Weber2026-05-05
SeverityHighCVSS 7.4CVSS 3.1 VectorAV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NCWECWE-347 (Improper Verification of Cryptographic Signature)ProductOviva epa4all-clientAffected Versions0.0.2-rc.0 through 1.1.1Fixed InPull request #34 (merged 2026-05-05). Awaiting tagged release.CVEPendingGHSAPending

Description

The bug was introduced in the initial commit of the trust validator and remained in every published release of epa4all-client. Java's Signature.verify() returns false for an invalid signature without throwing, so the unused return value masks the failure. The same codebase contains a correct use of the pattern in another verifier.

Impact

  • A network attacker positioned between an ePA client and the ePA backend can substitute their own ECDH and Kyber public keys into the VAU handshake. The client derives session keys from the attacker's keys, granting full plaintext access to ePA traffic, including document writes, document reads, and authorization flows.

Mitigation

Update to the next release of epa4all-client after 1.1.1 (incorporating pull request #34). The fix returns the boolean result of Signature.verify() instead of discarding it.

References

How We Can Help

Who We Are

The security researchers behind this advisory.

Dr. Simon Weber Profile

Dr. rer. nat. Simon Weber

Senior Pentester & MedSec Researcher

I evaluate your SaMD with the same industry-defining security insight I contributed to the BAK MV for the revision of the B3S standard.

  • PhD on Hospital Cybersecurity
  • Critical vulnerabilities found in hospital systems
  • Alumni of THB MedSec Research Group
  • gematik Security Hero
Volker Schönefeld Profile

Dipl.-Inf. Volker Schönefeld

Senior Application Security Expert

As a former CTO and developer turned pentester, I work alongside your team to uncover vulnerabilities and find solutions that fit your architecture.

  • 20+ years as CTO, 50M+ app downloads
  • Architected and secured large-scale IoT fleets
  • Certified Web Exploitation Specialist
  • gematik Security Hero
View Full Team Profiles

Looking for a Penetration Test?

Machine Spirits specializes in security assessments for medical devices and healthcare IT. From MDR penetration testing to C5 cloud compliance, we help MedTech companies meet regulatory requirements.

Get in TouchLearn More About Our Services