Swedbank Estonia Internet bank ID card authentication bypass

preview_player
Показать описание
The flaw in Swedbank Estonia Internet bank allows to login just by knowing the victim's user ID.

Timeline:
2013.04.19. 15:55 - reported to CERT-EE
2013.04.19. 18:30 - fixed by Swedbank Estonia

The flaw is caused by allegedly misconfigured F5 BIG-IP LTM server's failure to verify signature of the X.509 certificate received in the ID card authentication process. The proof-of-concept video shows how victim's original certificate is retrieved from the public LDAP directory and certificate's public key is replaced with a public key from a freshly generated RSA keypair. The modified "fake" certificate is then imported in the browser and submited in the authentication process.

  1. Applied CyberSec @ UniTartuCS
Рекомендации по теме
Swedbank Estonia Internet 0:03:01

Swedbank Estonia Internet bank ID card authentication bypass

SEB Estonia Internet 0:04:14

SEB Estonia Internet bank ID card authentication bypass

Kaip užsiregistruoti į 0:01:48

Kaip užsiregistruoti į banką „Swedbank' internetu 💻, jei neturite savo veikiančio SMART ID?...

Bank ID - 0:03:34

Bank ID - Beställa nytt BankID Steg för Steg. Swedbank via din mobil eller surfplatta

Estonian Internet bank 0:03:04

Estonian Internet bank authentication token cross-site replay

Kā ar Smart-ID 0:00:36

Kā ar Smart-ID veikt maksājumu internetbankā

Swedbank Kundtjänst: Telefonnummer 0:00:43

Swedbank Kundtjänst: Telefonnummer och hemsida

Swedbank Smart-ID 0:00:21

Swedbank Smart-ID

Latvian Internet bank 0:02:31

Latvian Internet bank authentication token cross-site replay

Swedbank Appfilm 0:01:21

Swedbank Appfilm

Så öppnar du 0:03:10

Så öppnar du ISK i Swedbank och Sparbankernas Internetbank - textat

Swedbank kodu energiatõhususe 0:05:27

Swedbank kodu energiatõhususe laen @Ehitame! TV (29.11.2020)

Smart-ID un internetbankas 0:00:46

Smart-ID un internetbankas lietošana mobilajās ierīcēs

Mobile-ID identification at 0:01:48

Mobile-ID identification at Swedbank's call centre

Как со Smart-ID 0:00:37

Как со Smart-ID совершать платежи в интернет-банке

How To Fix 0:01:12

How To Fix Swedbank App Not Working (2025)

Kā Swedbank internetbankā 0:01:21

Kā Swedbank internetbankā noslēgt līzinga līgumu?

Stora problem med 0:00:45

Stora problem med internetbanken för Swedbanks kunder

How to Fix 0:01:33

How to Fix Swedbank Lietuva Not Working / Not Open / Loading Problem in Android

Kā sagatavot konta 0:01:21

Kā sagatavot konta pārskatu no Swedbank internetbankas?

Swedbank SmartID CINEMA 0:00:20

Swedbank SmartID CINEMA

Swedbank 2014 Clear 0:01:52

Swedbank 2014 Clear Channel Estonia

Аналитик: скандал со 0:08:40

Аналитик: скандал со Swedbank — это не причина бежать в банк и снимать деньги...

30 sec pitch: 0:00:27

30 sec pitch: work at Swedbank

Комментарии
Автор

Eestis..Kiviõli linnas..on üks ainuke Swed banka automaat kus saab sula raha panna kaardi peale....ja see automaat on kogu aeg katki...Parandage palun ärä...või Rootsis on sama sittad automaadid?

eurogoogle
welcome to shbcf.ru