CWE-295: Improper Certificate Validation
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product does not validate, or incorrectly validates, a certificate.
常见后果
影响范围: Integrity Authentication
技术影响: Bypass Protection Mechanism Gain Privileges or Assume Identity
说明: When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting spoofed data that appears to originate from a trusted host.
潜在缓解措施
阶段: Architecture and Design Implementation
描述: Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
阶段: Implementation
描述: If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
检测方法
方法: Automated Static Analysis - Binary or Bytecode
有效性: SOAR Partial
方法: Manual Static Analysis - Binary or Bytecode
有效性: SOAR Partial
方法: Dynamic Analysis with Automated Results Interpretation
有效性: SOAR Partial
方法: Dynamic Analysis with Manual Results Interpretation
有效性: High
方法: Manual Static Analysis - Source Code
有效性: High
方法: Automated Static Analysis - Source Code
有效性: SOAR Partial
方法: Architecture or Design Review
有效性: High
观察示例
参考: CVE-2019-12496
A Go framework for robotics, drones, and IoT devices skips verification of root CA certificates by default.
参考: CVE-2014-1266
chain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple "goto fail" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).
参考: CVE-2021-22909
Chain: router's firmware update procedure uses curl with "-k" (insecure) option that disables certificate validation (CWE-295), allowing adversary-in-the-middle (AITM) compromise with a malicious firmware image (CWE-494).
参考: CVE-2008-4989
Verification function trusts certificate chains in which the last certificate is self-signed.
参考: CVE-2012-5821
Web browser uses a TLS-related function incorrectly, preventing it from verifying that a server's certificate is signed by a trusted certification authority (CA)
参考: CVE-2009-3046
Web browser does not check if any intermediate certificates are revoked.
参考: CVE-2011-0199
Operating system does not check Certificate Revocation List (CRL) in some cases, allowing spoofing using a revoked certificate.
参考: CVE-2012-5810
Mobile banking application does not verify hostname, leading to financial loss.
参考: CVE-2012-3446
Cloud-support library written in Python uses incorrect regular expression when matching hostname.
参考: CVE-2009-2408
Web browser does not correctly handle '\0' character (NUL) in Common Name, allowing spoofing of https sites.
参考: CVE-2012-2993
Smartphone device does not verify hostname, allowing spoofing of mail services.
参考: CVE-2012-5822
Application uses third-party library that does not validate hostname.
参考: CVE-2012-5819
Cloud storage management application does not validate hostname.
参考: CVE-2012-5817
Java library uses JSSE SSLSocket and SSLEngine classes, which do not verify the hostname.
参考: CVE-2010-1378
chain: incorrect calculation allows attackers to bypass certificate checks.
参考: CVE-2005-3170
LDAP client accepts certificates even if they are not from a trusted CA.
参考: CVE-2009-0265
chain: DNS server does not correctly check return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain.
参考: CVE-2003-1229
chain: product checks if client is trusted when it intended to check if the server is trusted, allowing validation of signed code.
参考: CVE-2002-0862
Cryptographic API, as used in web browsers, mail clients, and other software, does not properly validate Basic Constraints.
参考: CVE-2009-1358
chain: OS package manager does not check properly check the return value, allowing bypass using a revoked certificate.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
| Implementation | When the product uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete. |
适用平台
编程语言
技术
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| OWASP Top Ten 2004 | A10 | Insecure Configuration Management | CWE More Specific |