Read Time:2 Minute, 53 Second
Description
The software does not validate, or incorrectly validates, a certificate.
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.
A certificate is a token that associates an identity (principal) to a cryptographic key. Certificates can be used to check if a public key belongs to the assumed owner.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
CWE-287
CWE-287
CWE-322
Consequences
Integrity, Authentication: Bypass Protection Mechanism, Gain Privileges or Assume Identity
Potential Mitigations
Phase: Architecture and Design, Implementation
Description:
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner’s public key.
Phase: Implementation
Description:
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CVE References
- CVE-2014-1266
- chain: incorrect “goto” in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple “goto fail” bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).
- CVE-2021-22909
- Chain: router’s firmware update procedure uses curl with “-k” (insecure) option that disables certificate validation (CWE-295), allowing adversary-in-the-middle (AITM) compromise with a malicious firmware image (CWE-494).
- CVE-2008-4989
- Verification function trusts certificate chains in which the last certificate is self-signed.
- CVE-2012-5821
- Web browser uses a TLS-related function incorrectly, preventing it from verifying that a server’s certificate is signed by a trusted certification authority (CA)
- CVE-2009-3046
- Web browser does not check if any intermediate certificates are revoked.
- CVE-2011-0199
- Operating system does not check Certificate Revocation List (CRL) in some cases, allowing spoofing using a revoked certificate.
- CVE-2012-5810
- Mobile banking application does not verify hostname, leading to financial loss.
- CVE-2012-3446
- Cloud-support library written in Python uses incorrect regular expression when matching hostname.
- CVE-2009-2408
- Web browser does not correctly handle ‘�’ character (NUL) in Common Name, allowing spoofing of https sites.
- CVE-2012-2993
- Smartphone device does not verify hostname, allowing spoofing of mail services.
- CVE-2012-5822
- Application uses third-party library that does not validate hostname.
- CVE-2012-5819
- Cloud storage management application does not validate hostname.
- CVE-2012-5817
- Java library uses JSSE SSLSocket and SSLEngine classes, which do not verify the hostname.
- CVE-2010-1378
- chain: incorrect calculation allows attackers to bypass certificate checks.
- CVE-2005-3170
- LDAP client accepts certificates even if they are not from a trusted CA.
- CVE-2009-0265
- chain: DNS server does not correctly check return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain.
- CVE-2003-1229
- chain: product checks if client is trusted when it intended to check if the server is trusted, allowing validation of signed code.
- CVE-2002-0862
- Cryptographic API, as used in web browsers, mail clients, and other software, does not properly validate Basic Constraints.
- CVE-2009-1358
- chain: OS package manager does not check properly check the return value, allowing bypass using a revoked certificate.
