1. Home
  2. CWE Database
  3. CWE-295
Base · Medium

CWE-295: Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

CWE-295 · Base Level ·21 CVEs ·2 Mitigations

Description

The product does not validate, or incorrectly validates, a certificate.

Potential Impact

Integrity, Authentication

Bypass Protection Mechanism, Gain Privileges or Assume Identity

Demonstrative Examples

This code checks the certificate of a connected peer.
Bad
if ((cert = SSL_get_peer_certificate(ssl)) && host)foo=SSL_get_verify_result(ssl);
                     if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo))
                        
                           
                           // certificate looks good, host can be trusted
In this case, because the certificate is self-signed, there was no external authority that could prove the identity of the host. The program could be communicating with a different system that is spoofing the host, e.g. by poisoning the DNS cache or using an Adversary-in-the-Middle (AITM) attack to modify the traffic from server to client.
The following OpenSSL code obtains a certificate and verifies it.
Bad
cert = SSL_get_peer_certificate(ssl);if (cert && (SSL_get_verify_result(ssl)==X509_V_OK)) {
                        
                           
                           // do secret things
                           
                        
                     }
Even though the "verify" step returns X509_V_OK, this step does not include checking the Common Name against the name of the host. That is, there is no guarantee that the certificate is for the desired host. The SSL connection could have been established with a malicious host that provided a valid certificate.
The following OpenSSL code ensures that there is a certificate and allows the use of expired certificates.
Bad
if (cert = SSL_get_peer(certificate(ssl)) {
                        foo=SSL_get_verify_result(ssl);if ((X509_V_OK==foo) || (X509_V_ERR_CERT_HAS_EXPIRED==foo))
                              
                                 
                                 //do stuff
If the call to SSL_get_verify_result() returns X509_V_ERR_CERT_HAS_EXPIRED, this means that the certificate has expired. As time goes on, there is an increasing chance for attackers to compromise the certificate.
The following OpenSSL code ensures that there is a certificate before continuing execution.
Bad
if (cert = SSL_get_peer_certificate(ssl)) {
                        
                           
                           // got a certificate, do secret things
Because this code does not use SSL_get_verify_results() to check the certificate, it could accept certificates that have been revoked (X509_V_ERR_CERT_REVOKED). The software could be communicating with a malicious host.

Mitigations & Prevention

Architecture and DesignImplementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

Detection Methods

  • Automated Static Analysis - Binary or Bytecode SOAR Partial — According to SOAR [REF-1479], the following detection techniques may be useful:
  • Manual Static Analysis - Binary or Bytecode SOAR Partial — According to SOAR [REF-1479], the following detection techniques may be useful:
  • Dynamic Analysis with Automated Results Interpretation SOAR Partial — According to SOAR [REF-1479], the following detection techniques may be useful:
  • Dynamic Analysis with Manual Results Interpretation High — According to SOAR [REF-1479], the following detection techniques may be useful:
  • Manual Static Analysis - Source Code High — According to SOAR [REF-1479], the following detection techniques may be useful:
  • Automated Static Analysis - Source Code SOAR Partial — According to SOAR [REF-1479], the following detection techniques may be useful:

Real-World CVE Examples

CVE IDDescription
CVE-2019-12496A Go framework for robotics, drones, and IoT devices skips verification of root CA certificates by default.
CVE-2014-1266Chain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple "goto fail" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-56
CVE-2021-22909Chain: router's firmware update procedure uses curl with "-k" (insecure) option that disables certificate validation (CWE-295), allowing adversary-in-the-middle (AITM) compromise with a malicious firm
CVE-2008-4989Verification function trusts certificate chains in which the last certificate is self-signed.
CVE-2012-5821Web browser uses a TLS-related function incorrectly, preventing it from verifying that a server's certificate is signed by a trusted certification authority (CA)
CVE-2009-3046Web browser does not check if any intermediate certificates are revoked.
CVE-2011-0199Operating system does not check Certificate Revocation List (CRL) in some cases, allowing spoofing using a revoked certificate.
CVE-2012-5810Mobile banking application does not verify hostname, leading to financial loss.
CVE-2012-3446Cloud-support library written in Python uses incorrect regular expression when matching hostname.
CVE-2009-2408Web browser does not correctly handle '\0' character (NUL) in Common Name, allowing spoofing of https sites.
CVE-2012-2993Smartphone device does not verify hostname, allowing spoofing of mail services.
CVE-2012-5822Application uses third-party library that does not validate hostname.
CVE-2012-5819Cloud storage management application does not validate hostname.
CVE-2012-5817Java library uses JSSE SSLSocket and SSLEngine classes, which do not verify the hostname.
CVE-2010-1378Chain: incorrect calculation (CWE-682) allows attackers to bypass certificate checks (CWE-295)

Showing 15 of 21 observed examples.

CWE-287: Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is cor...

CWE-322: Key Exchange without Entity Authentication

The product performs a key exchange with an actor without verifying the identity of that actor.

Taxonomy Mappings

  • OWASP Top Ten 2004: A10 — Insecure Configuration Management

Frequently Asked Questions

What is CWE-295?

CWE-295 (Improper Certificate Validation) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product does not validate, or incorrectly validates, a certificate.

How can CWE-295 be exploited?

Attackers can exploit CWE-295 (Improper Certificate Validation) to bypass protection mechanism, gain privileges or assume identity. This weakness is typically introduced during the Architecture and Design, Implementation, Implementation phase of software development.

How do I prevent CWE-295?

Key mitigations include: Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

What is the severity of CWE-295?

CWE-295 is classified as a Base-level weakness (Medium abstraction). It has been observed in 21 real-world CVEs.