The European Commission’s €4 million app was hacked via a config file.



Information security specialists bypassed the protection of the European Commission’s new age verification application in less than two minutes. This happened a few days after European Commission President Ursula von der Leyen declared the tool technically ready for use. However, the project’s official repository on GitHub carried a clear warning that the published code was only an early version and was not recommended for live deployment.

British security consultant Paul Moore demonstrated the hacking process by simply changing the data in the eudi-wallet.xml configuration file. Deleting the encrypted PIN entries allowed a new password to be set while maintaining access to already confirmed credentials. The same file stored the login attempt counter as a simple integer, allowing it to be reset to zero for infinite brute-force attacks, and biometric authentication was disabled by changing a single Boolean value.
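A defensive sketch of the control that addresses the weaknesses described above, added here as an example and not taken from the wallet's code: the PIN record, attempt counter and biometric flag are authenticated as one unit with a key held outside the file, and a monotonic version rejects restored older copies. The `Keystore` class, the field names and the lockout threshold are assumptions standing in for a hardware-backed keystore.

```python
import hashlib
import hmac
import json

REQUIRED = {"pin_record", "failed_attempts", "biometric_required", "version"}
MAX_ATTEMPTS = 5  # assumed lockout threshold

class TamperError(Exception):
    """Stored security state is missing, modified, or rolled back."""

class Keystore:
    """Stand-in (assumption) for a hardware-backed keystore: holds the MAC key
    and a monotonic version counter outside the app's editable files."""
    def __init__(self, key: bytes):
        self.key, self.version = key, 0

def _mac(ks: Keystore, state: dict) -> str:
    body = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(ks.key, body, hashlib.sha256).hexdigest()

def seal(ks: Keystore, state: dict) -> dict:
    """Bump the monotonic version and MAC the whole state, counter included."""
    ks.version += 1
    state = dict(state, version=ks.version)
    return {"state": state, "mac": _mac(ks, state)}

def load(ks: Keystore, stored: dict) -> dict:
    """Return the state only if it is complete, authentic and current."""
    state = stored.get("state")
    if not isinstance(state, dict) or set(state) != REQUIRED:
        raise TamperError("missing or unexpected fields")  # e.g. deleted PIN entry
    mac = str(stored.get("mac", "")).encode()
    if not hmac.compare_digest(_mac(ks, state).encode(), mac):
        raise TamperError("MAC mismatch")  # e.g. edited counter or flag
    if state["version"] != ks.version:
        raise TamperError("stale copy")  # an older, validly sealed file restored
    return dict(state)

def record_failure(ks: Keystore, stored: dict) -> dict:
    """Count a failed PIN attempt and re-seal; refuse once locked out."""
    state = load(ks, stored)
    if state["failed_attempts"] >= MAX_ATTEMPTS:
        raise PermissionError("locked out")
    state["failed_attempts"] += 1
    return seal(ks, state)
```

The design fails closed: a missing PIN record is treated as tampering rather than as a fresh install, so removing it cannot lead to a new PIN being paired with existing credentials.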

The €4 million project was developed by Scytales and Deutsche Telekom. Following the publication of the vulnerability data, European Commission representatives stated that benchmarking experts had used a demo version and that the identified bug had already been fixed. However, independent researchers Olivier Blasi and Baptiste Robert quickly confirmed that the exploit worked reliably on the most current version of the code published on GitHub.


