The Postman: A Journey of Ethical Hacking in PosteID/SPID Borderland
Gabriele Costa
2025
Abstract
This paper presents a vulnerability assessment activity that we carried out on PosteID, the implementation of the Italian Public Digital Identity System (SPID) by Poste Italiane. The activity led to the discovery of a critical privilege escalation vulnerability, which was eventually patched. The overall analysis and disclosure process represents a valuable case study for the community of ethical hackers. In this work, we present both the technical steps and the details of the disclosure process.

Files in this product:
| File | Size | Format | |
|---|---|---|---|
| The Postman: A Journey of Ethical Hacking in PosteID/SPID Borderland.pdf (open access; Type: Pre-print document; License: Creative Commons) | 629.92 kB | Adobe PDF | View/Open |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

