CWE-298: Improper Validation of Certificate Expiration

Variant Draft Simple

CWE Version: 4.18

Last Updated: 2025-09-09

Description

A certificate expiration is not validated or is incorrectly validated, so trust may be assigned to certificates that have been abandoned due to age.

Extended Description

When the expiration of a certificate is not taken into account, no trust has necessarily been conveyed through it. Therefore, the validity of the certificate cannot be verified and all benefit of the certificate is lost.

Common Consequences

Scope: Integrity, Other

Technical Impact: Other

Note: The data read from the system vouched for by the expired certificate may be flawed due to malicious spoofing.

Scope: Authentication, Other

Technical Impact: Other

Note: Trust afforded to the system in question - based on the expired certificate - may allow for spoofing attacks.

Potential Mitigations

Phase: Architecture and Design

Description: Check for expired certificates and provide the user with adequate information about the nature of the problem and how to proceed.

Phase: Implementation

Description: If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the expiration.
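The two mitigations above, shown side by side in code. This is an added example, not code from the CWE entry or from any CLASP material: the weak pin check trusts any certificate whose SPKI hash matches the pinned value, while the hardened check refuses a certificate outside its NotBefore/NotAfter window before it even looks at the pin, and returns an error message that tells the caller what went wrong. The function names (makeTestCert, spkiPin, weakPinCheck, hardenedPinCheck, checkValidityWindow) are this example's own, and the certificate is a self-signed test certificate constructed in-process, so nothing here refers to a real deployment.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// makeTestCert builds a self-signed certificate with the given validity window.
// Constructed test data only: the subject and key exist solely for this example.
func makeTestCert(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "example.test"},
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// spkiPin returns the hex SHA-256 of the SubjectPublicKeyInfo, the usual value
// stored when a certificate is pinned.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return hex.EncodeToString(sum[:])
}

// weakPinCheck is the CWE-298 pattern: a matching pin is treated as sufficient,
// and NotBefore/NotAfter are never consulted, so an expired certificate passes.
func weakPinCheck(cert *x509.Certificate, pinnedSPKI string) bool {
	return spkiPin(cert) == pinnedSPKI
}

// checkValidityWindow reports why a certificate is not valid at the given time,
// which is the "adequate information" the Architecture and Design mitigation asks for.
func checkValidityWindow(cert *x509.Certificate, now time.Time) error {
	if now.Before(cert.NotBefore) {
		return fmt.Errorf("certificate not yet valid: NotBefore=%s",
			cert.NotBefore.UTC().Format(time.RFC3339))
	}
	if now.After(cert.NotAfter) {
		return fmt.Errorf("certificate expired: NotAfter=%s",
			cert.NotAfter.UTC().Format(time.RFC3339))
	}
	return nil
}

// hardenedPinCheck validates the expiration first and only then compares the pin,
// so a pin can never extend trust past the certificate's lifetime.
func hardenedPinCheck(cert *x509.Certificate, pinnedSPKI string, now time.Time) error {
	if err := checkValidityWindow(cert, now); err != nil {
		return err
	}
	if spkiPin(cert) != pinnedSPKI {
		return errors.New("public key does not match pinned value")
	}
	return nil
}

func main() {
	now := time.Now()
	// A certificate that expired yesterday, pinned by its SPKI hash.
	expired, err := makeTestCert(now.Add(-48*time.Hour), now.Add(-24*time.Hour))
	if err != nil {
		panic(err)
	}
	pin := spkiPin(expired)
	fmt.Println("weak check accepts expired certificate:", weakPinCheck(expired, pin))
	fmt.Println("hardened check:", hardenedPinCheck(expired, pin, now))
}
```

The validity check takes the current time as a parameter rather than calling time.Now() internally; that keeps it testable and makes it explicit which clock the decision depends on. In production Go code the same window check is performed by x509.Certificate.Verify (via VerifyOptions.CurrentTime), and a pinning layer should run after that full chain validation, not instead of it.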

Modes of Introduction

Phase: Implementation
Note: When the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete.

Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Applicable Platforms

Languages
Not Language-Specific (Undetermined)

Taxonomy Mappings

Taxonomy Name: CLASP
Entry ID: -
Entry Name: Failure to validate certificate expiration
Mapping Fit: -

Key Information

CWE ID: CWE-298

Abstraction: Variant

Structure: Simple

Status: Draft

Likelihood of Exploit: Low

Related Weaknesses