Log4J Security Vulnerability
Incident Report for IDnow GmbH
Resolved
This incident has been resolved.
Posted Feb 07, 2022 - 11:12 CET
Monitoring
A fix has been implemented and we are monitoring the results.
Posted Dec 12, 2021 - 09:36 CET
Investigating
A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility was disclosed publicly on December 9, 2021. The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1.
This announcement summarises any potential impacts to IDnow products and steps taken by IDnow.

Log files have been searched for potential exploitations - no successful attack was detected, as the Web Application Firewall already detects and blocks exploitation attempts. Additional rules have been added by the Security Team. Mitigations have been applied.
Identified applications that are affected and reachable from the internet or accepting user input directly or indirectly have been either patched or shutdown and will remain shutdown until patches or other fixes have been applied.
There is no impact on the identity verification services.

IDnow engineering and security teams continue to actively work on the remediation.
Posted Dec 12, 2021 - 09:22 CET
This incident affected: Europe - IDnow (Video-Ident, eSigning QES, eSigning AES, Photo-Ident, API, AutoIdent), Switzerland - Intrum (Video-Ident, eSigning QES, eSigning AES, Photo-Ident, API), and Test Systems.