Description
The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate.
There are several ways in which the chain of trust might be broken, including but not limited to:
Potential Impact
Non-Repudiation
Hide Activities
Integrity, Confidentiality, Availability, Access Control
Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands
Demonstrative Examples
if ((cert = SSL_get_peer_certificate(ssl)) && host)foo=SSL_get_verify_result(ssl);
if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo))
// certificate looks good, host can be trustedMitigations & Prevention
Ensure that proper certificate checking is included in the system design.
Understand, and properly implement all checks necessary to ensure the integrity of certificate trust integrity.
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the full chain of trust.
Detection Methods
- Automated Static Analysis High — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2016-2402 | Server allows bypass of certificate pinning by sending a chain of trust that includes a trusted CA that is not pinned. |
| CVE-2008-4989 | Verification function trusts certificate chains in which the last certificate is self-signed. |
| CVE-2012-5821 | Chain: Web browser uses a TLS-related function incorrectly, preventing it from verifying that a server's certificate is signed by a trusted certification authority (CA). |
| CVE-2009-3046 | Web browser does not check if any intermediate certificates are revoked. |
| CVE-2009-0265 | chain: DNS server does not correctly check return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain. |
| CVE-2009-0124 | chain: incorrect check of return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain. |
| CVE-2002-0970 | File-transfer software does not validate Basic Constraints of an intermediate CA-signed certificate. |
| CVE-2002-0862 | Cryptographic API, as used in web browsers, mail clients, and other software, does not properly validate Basic Constraints. |
Related Weaknesses
Taxonomy Mappings
- CLASP: — Failure to follow chain of trust in certificate validation
Frequently Asked Questions
What is CWE-296?
CWE-296 (Improper Following of a Certificate's Chain of Trust) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate.
How can CWE-296 be exploited?
Attackers can exploit CWE-296 (Improper Following of a Certificate's Chain of Trust) to hide activities. This weakness is typically introduced during the Implementation, Implementation phase of software development.
How do I prevent CWE-296?
Key mitigations include: Ensure that proper certificate checking is included in the system design.
What is the severity of CWE-296?
CWE-296 is classified as a Base-level weakness (Medium abstraction). It has been observed in 8 real-world CVEs.