CWE-296 – Improper Following of a Certificate’s Chain of Trust

Description

The software does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resource that is associated with that certificate.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit: Low

Related Weaknesses

CWE-295
CWE-573

Consequences

Non-Repudiation: Hide Activities

Exploitation of this flaw can lead to the trust of data that may have originated with a spoofed source.

Integrity, Confidentiality, Availability, Access Control: Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands

Data, requests, or actions taken by the attacking entity can be carried out as a spoofed benign entity.

Potential Mitigations

Phase: Architecture and Design

Description: 

Ensure that proper certificate checking is included in the system design.

Phase: Implementation

Description: 

Understand and properly implement all checks necessary to ensure the integrity of the certificate trust chain.

Phase: Implementation

Description: 

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the full chain of trust.

CVE References

  • CVE-2016-2402
    • Server allows bypass of certificate pinning by sending a chain of trust that includes a trusted CA that is not pinned.
  • CVE-2008-4989
    • Verification function trusts certificate chains in which the last certificate is self-signed.
  • CVE-2012-5821
    • Chain: Web browser uses a TLS-related function incorrectly, preventing it from verifying that a server’s certificate is signed by a trusted certification authority (CA).
  • CVE-2009-3046
    • Web browser does not check if any intermediate certificates are revoked.
  • CVE-2009-0265
    • Chain: DNS server does not correctly check the return value from the OpenSSL EVP_VerifyFinal function, which allows bypass of validation of the certificate chain.
  • CVE-2009-0124
    • Chain: incorrect check of the return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain.
  • CVE-2002-0970
    • File-transfer software does not validate Basic Constraints of an intermediate CA-signed certificate.
  • CVE-2002-0862
    • Cryptographic API, as used in web browsers, mail clients, and other software, does not properly validate Basic Constraints.
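The mitigations above ask for every check needed to follow the chain back to a trusted root, and the CVE list shows what goes wrong when one of them is skipped. The Python below is an added example (not from the page or from CWE) that models the chain walk over a constructed toy PKI: HMAC with a per-subject secret stands in for public-key signature verification (an assumption made so the block runs offline), the `ca` field stands in for the Basic Constraints extension, and `verify_final` mimics the tri-state result of OpenSSL's EVP_VerifyFinal so that the return-value mistake behind CVE-2009-0124 and CVE-2009-0265 can sit next to the correct check. The three chain shapes that the page's CVEs describe (an untrusted self-signed tail, a non-CA certificate used as an issuer, a mis-read verify result) are each rejected.

```python
import hashlib
import hmac

# Constructed toy PKI for illustration. A certificate is a dict; its "key" field
# stands in for the subject's public key and, combined with HMAC, for signature
# verification. Real X.509 uses public-key signatures, but the chain-walking
# decisions below (who issued whom, is the issuer a CA, does the chain end at an
# anchor we hold, did the signature check really succeed) are the same.

def tbs(cert):
    """The bytes a signature covers: subject, issuer, CA flag and key."""
    return f"{cert['subject']}|{cert['issuer']}|{int(cert['ca'])}|{cert['key'].hex()}".encode()

def sign(cert, issuer_key):
    return hmac.new(issuer_key, tbs(cert), hashlib.sha256).digest()

def make_cert(subject, issuer, ca, key, signer_key):
    cert = {"subject": subject, "issuer": issuer, "ca": ca, "key": key}
    cert["sig"] = sign(cert, signer_key)
    return cert

def verify_final(cert, issuer_cert):
    """Tri-state result in the style of OpenSSL's EVP_VerifyFinal:
    1 = signature verifies, 0 = signature does not verify, -1 = error."""
    key = issuer_cert.get("key")
    if not key:
        return -1
    return 1 if hmac.compare_digest(sign(cert, key), cert["sig"]) else 0

def buggy_is_valid(rv):
    """The pattern behind CVE-2009-0124 / CVE-2009-0265: any non-zero return is
    treated as success, so the -1 error case passes verification."""
    return rv != 0

def correct_is_valid(rv):
    """Only an explicit 1 is success."""
    return rv == 1

def validate_chain(chain, trust_store, max_depth=5):
    """chain[0] is the end-entity certificate, chain[-1] the last certificate the
    peer supplied. trust_store maps subject name -> anchor certificate.
    Returns (ok, reason)."""
    if not chain:
        return False, "empty chain"
    if len(chain) > max_depth:
        return False, "chain too long"
    for i, cert in enumerate(chain):
        if i + 1 < len(chain):
            issuer = chain[i + 1]
            if issuer["subject"] != cert["issuer"]:
                return False, f"{cert['subject']} not issued by next certificate"
            # CVE-2002-0970 / CVE-2002-0862 lesson: an issuer must carry the CA constraint
            if not issuer["ca"]:
                return False, f"{issuer['subject']} lacks the CA Basic Constraint"
        else:
            # Last certificate the peer sent. Being self-signed proves nothing
            # (CVE-2008-4989 lesson); it must be signed by an anchor we hold.
            issuer = trust_store.get(cert["issuer"])
            if issuer is None:
                return False, f"no trust anchor for issuer {cert['issuer']}"
        if not correct_is_valid(verify_final(cert, issuer)):
            return False, f"signature on {cert['subject']} does not verify"
    return True, "chain ends at a trusted root"

# Constructed sample PKI (keys are illustrative secrets, not real key material)
ROOT = make_cert("Root CA", "Root CA", True, b"root-key", b"root-key")
INTER = make_cert("Intermediate CA", "Root CA", True, b"inter-key", b"root-key")
LEAF = make_cert("server.example", "Intermediate CA", False, b"leaf-key", b"inter-key")
TRUST_STORE = {"Root CA": ROOT}

# A complete but untrusted hierarchy: a self-signed root nobody agreed to trust
ROGUE_ROOT = make_cert("Rogue Root", "Rogue Root", True, b"rogue-key", b"rogue-key")
ROGUE_LEAF = make_cert("server.example", "Rogue Root", False, b"x-key", b"rogue-key")

# An end-entity certificate misused as an issuer (no CA Basic Constraint)
LEAF_SIGNED_LEAF = make_cert("victim.example", "server.example", False, b"v-key", b"leaf-key")

if __name__ == "__main__":
    cases = [("good", [LEAF, INTER]), ("good with root sent", [LEAF, INTER, ROOT]),
             ("rogue self-signed tail", [ROGUE_LEAF, ROGUE_ROOT]),
             ("non-CA issuer", [LEAF_SIGNED_LEAF, LEAF, INTER])]
    for name, chain in cases:
        print(name, validate_chain(chain, TRUST_STORE))
    print("buggy check accepts -1:", buggy_is_valid(-1), "correct:", correct_is_valid(-1))
```

Note that the last certificate in the chain is never trusted on its own merits: the verifier looks its issuer up in its own trust store and checks the signature against that anchor, so a peer that appends any self-signed certificate gains nothing.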

CWE-297 – Improper Validation of Certificate with Host Mismatch

Description

The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit: High

Related Weaknesses

CWE-923
CWE-295

Consequences

Access Control: Gain Privileges or Assume Identity

The data read from the system vouched for by the certificate may not be from the expected system.

Authentication, Other: Other

Trust afforded to the system in question – based on the malicious certificate – may allow for spoofing or redirection attacks.

Potential Mitigations

Phase: Architecture and Design

Description: 

Fully check the hostname of the certificate and provide the user with adequate information about the nature of the problem and how to proceed.

Phase: Implementation

Description: 

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CVE References

  • CVE-2012-5810
    • Mobile banking application does not verify hostname, leading to financial loss.
  • CVE-2012-5811
    • Mobile application for printing documents does not verify hostname, allowing attackers to read sensitive documents.
  • CVE-2012-5807
    • Software for electronic checking does not verify hostname, leading to financial loss.
  • CVE-2012-3446
    • Cloud-support library written in Python uses incorrect regular expression when matching hostname.
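To make "fully check the hostname of the certificate" concrete, the following Python is an added example (not from the page, CWE, or any of the projects named in the CVE list). `hostname_matches` applies RFC 6125-style dNSName rules (one wildcard, whole left-most label only, one label deep, never against an IP literal); `weak_regex_match` shows the unescaped-regular-expression pitfall of the kind listed under CVE-2012-3446 (its exact form there is assumed here for contrast); `cert_matches_host` prefers subjectAltName over the CN on a dict shaped like the return value of `ssl.SSLSocket.getpeercert()`; and `make_verifying_context` sets the two `ssl` flags that make the standard library perform this check. The certificates are constructed samples.

```python
import ipaddress
import re
import ssl

def weak_regex_match(pattern, hostname):
    """Assumed shape of the mistake behind CVE-2012-3446, shown for contrast:
    the certificate name is dropped into a regular expression unescaped, so
    '.' matches any character and '*' matches across label boundaries."""
    regex = "^" + pattern.replace("*", ".*") + "$"
    return re.match(regex, hostname, re.IGNORECASE) is not None

def hostname_matches(pattern, hostname):
    """dNSName matching in the spirit of RFC 6125: case-insensitive, label by
    label; a single '*' is allowed only as the whole left-most label, matches
    exactly one label, never matches an IP literal, and never a '*.tld'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern or not hostname:
        return False
    if "*" not in pattern:
        return pattern == hostname
    try:
        ipaddress.ip_address(hostname)
        return False  # wildcards never match IP addresses
    except ValueError:
        pass
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or any("*" in label for label in p_labels[1:]):
        return False  # partial ("w*.") or nested wildcards are rejected
    if len(p_labels) < 3:
        return False  # refuse "*.com"
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]

def common_name(cert):
    for rdn in cert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return value
    return None

def cert_matches_host(cert, hostname):
    """cert has the dict shape returned by ssl.SSLSocket.getpeercert(). Use the
    subjectAltName dNSName entries; fall back to the CN only when the
    certificate carries no DNS SAN at all."""
    san = [name for kind, name in cert.get("subjectAltName", ()) if kind == "DNS"]
    if san:
        return any(hostname_matches(n, hostname) for n in san)
    cn = common_name(cert)
    return cn is not None and hostname_matches(cn, hostname)

def make_verifying_context(cafile=None):
    """Client context that refuses a peer whose certificate does not chain to a
    trusted root or does not name the host being contacted."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def context_is_verifying(ctx):
    """True when the context both requires a chain and checks the hostname."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED

# Constructed sample certificates (getpeercert() dict shape, not real certificates)
SAN_CERT = {
    "subject": ((("commonName", "mail.example.com"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.api.example.com")),
}
CN_ONLY_CERT = {"subject": ((("countryName", "US"),), (("commonName", "legacy.example.com"),))}

if __name__ == "__main__":
    for host in ["www.example.com", "a.b.example.com", "www.exampleXcom"]:
        print(host, "weak:", weak_regex_match("*.example.com", host),
              "strict:", hostname_matches("*.example.com", host))
    print("SAN cert vs mail.example.com:", cert_matches_host(SAN_CERT, "mail.example.com"))
    print("context verifies:", context_is_verifying(make_verifying_context()))
```

The `SAN_CERT` case is the one that catches most hand-written validators: its CN says `mail.example.com`, but because the certificate carries DNS SANs, only those names count, so a connection to `mail.example.com` is rejected. On the weak side, `*.example.com` turned into an unescaped regex accepts `www.exampleXcom` and multi-label names alike.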