Vulnerability Research

ePA-VAU Client Security

lib-vau-based implementations

The ePA puts patients in control of their health records, and the VAU layer keeps that data private all the way to the record system. Across the ecosystem, teams are building real ePA integrations on gematik's reference library, lib-vau, much of it in the open. We looked closely at how that inner encryption layer holds up in practice, and we want to share what we learned so everyone building on it benefits.

What we found

Each ePA client wraps patient traffic in two encryption layers: the outer TLS transport, and an inner VAU shell that stays end-to-end even where TLS terminates. We checked both, across several implementations. Three findings stood out:

  1. TLS certificates not validated

    The outer transport layer ran with certificate validation switched off in production. Any certificate was accepted, so a network attacker could present their own and intercept the traffic.

  2. VAU certificates not validated

    The inner VAU layer did not verify the signed keys the server presents. The client could not tell the genuine record system from an impostor, letting an attacker substitute their own keys and complete the handshake.

  3. VAU encryption not implemented to spec

    The VAU channel's encryption deviated from the specification. Under certain conditions, that lets its protection be broken even when the shell is otherwise in place.

When both certificate checks are missing, someone on the network path can read or change patient data in clear text.

Why it happens

The happy path gets tested; the adverse path, where something must be refused, far less often. That is especially true in cryptographic code, where a check that quietly always passes looks exactly like one that works. Independent teams landing on the same spot is what makes it a pattern, not a one-off.
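As an added example (not code from this page, from lib-vau, or from any audited client), the following Python shows finding 1 as a configuration and shows the adverse-path check that catches it: a TLS client context with validation switched off sits beside a hardened one, and an audit function asks the question a happy-path test never asks, namely whether the context would refuse a certificate at all. The builder names, the optional CA bundle path and the issue strings are assumptions made for the example.

```python
"""Audit a TLS client context for the gap described in finding 1.

Constructed example: the two context builders stand in for the kind of
code an ePA client uses for its outer TLS transport. They are not taken
from lib-vau or from any implementation that was audited.
"""
import ssl
from typing import List, Optional


def insecure_client_context() -> ssl.SSLContext:
    """The anti-pattern from finding 1: every certificate is accepted.

    check_hostname has to be cleared before verify_mode can be set to
    CERT_NONE, which is why the two assignments come in this order. A
    handshake with this context succeeds against any peer, so a test
    that only checks "the connection works" passes.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Validate the chain against a trust store and the name against the cert.

    Without ca_bundle the platform trust store is used. With ca_bundle
    (an assumed path supplied by the deployment) only that PKI can issue
    a certificate the client accepts; the system store is not loaded.
    """
    if ca_bundle is None:
        ctx = ssl.create_default_context()
    else:
        # PROTOCOL_TLS_CLIENT already defaults to CERT_REQUIRED and
        # check_hostname=True; only the trust anchors are added.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the validation gaps in ctx; an empty list means it passes.

    This is the adverse-path check: it inspects what the context would
    refuse rather than whether a connection can be established.
    """
    issues: List[str] = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        issues.append("verify_mode is not CERT_REQUIRED: any chain is accepted")
    if not ctx.check_hostname:
        issues.append("check_hostname is off: a valid cert for another host is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        issues.append("minimum_version is below TLS 1.2")
    return issues


def require_validation(ctx: ssl.SSLContext) -> ssl.SSLContext:
    """Fail closed: refuse to hand out a context that would accept anything.

    Wiring this in front of the client's connection setup turns the silent
    always-pass check into a loud startup error.
    """
    issues = audit_client_context(ctx)
    if issues:
        raise ValueError("TLS client context does not validate peers: " + "; ".join(issues))
    return ctx


if __name__ == "__main__":
    for name, builder in (("insecure", insecure_client_context),
                          ("hardened", hardened_client_context)):
        print(name, audit_client_context(builder()) or "ok")
```

The same shape of check applies to the inner layer in finding 2: whatever verifies the VAU server's signed keys should have a test that feeds it a key signed by an untrusted party and asserts that the handshake is refused, because a verifier that accepts everything is indistinguishable from a correct one on the happy path.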

Coordinated disclosure in progress

Ongoing

This research is still being disclosed. Further findings are under coordinated disclosure with the affected parties and will be published here as their fixes become available.

Disclosed advisories

Each finding was coordinated with the team that maintains the code and disclosed responsibly. Open an advisory for the severity, identifiers, and the fix.

Building on lib-vau? We're happy to help.

If you operate or develop an ePA client, we're glad to be a second pair of eyes on your VAU implementation. Reach out anytime.

Get in touch

Your Audit is Led by Senior Experts

Not juniors. Not generalists. Specialists in medical device security.


Dr. rer. nat. Simon Weber

Senior Pentester & MedSec Researcher

I evaluate your SaMD with the same industry-defining security insight I contributed to the BAK MV for the revision of the B3S standard.

  • PhD on Hospital Cybersecurity
  • Critical vulnerabilities found in hospital systems
  • Alumnus of THB MedSec Research Group
  • gematik Security Hero

Dipl.-Inf. Volker Schönefeld

Senior Application Security Expert

As a former CTO and developer turned pentester, I work alongside your team to uncover vulnerabilities and find solutions that fit your architecture.

  • 20+ years as CTO, 50M+ app downloads
  • Architected and secured large-scale IoT fleets
  • Certified Web Exploitation Specialist
  • gematik Security Hero