Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-295 (证书验证不恰当) — Vulnerability Class 474

474 vulnerabilities classified as CWE-295 (证书验证不恰当). AI Chinese analysis included.

CWE-295 represents a critical cryptographic weakness where software fails to properly validate digital certificates, undermining the integrity of secure communications. Attackers typically exploit this flaw by performing man-in-the-middle attacks, intercepting traffic between a client and server. By presenting a forged or invalid certificate, adversaries can decrypt sensitive data, inject malicious content, or impersonate legitimate services without detection. This vulnerability is particularly dangerous in applications relying on Transport Layer Security for confidentiality. To prevent such breaches, developers must implement rigorous certificate validation mechanisms, ensuring that the presented certificate is signed by a trusted Certificate Authority and matches the expected hostname. Additionally, enabling Certificate Pinning and strictly rejecting expired or revoked certificates further hardens the application against interception attempts, thereby preserving the authenticity and security of the data exchange.

MITRE CWE Description
The product does not validate, or incorrectly validates, a certificate.
Common Consequences (1)
Integrity, AuthenticationBypass Protection Mechanism, Gain Privileges or Assume Identity
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting s…
Mitigations (2)
Architecture and Design, ImplementationCertificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
ImplementationIf certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Examples (2)
This code checks the certificate of a connected peer.
if ((cert = SSL_get_peer_certificate(ssl)) && host) foo=SSL_get_verify_result(ssl); if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo)) // certificate looks good, host can be trusted
Bad · C
The following OpenSSL code obtains a certificate and verifies it.
cert = SSL_get_peer_certificate(ssl); if (cert && (SSL_get_verify_result(ssl)==X509_V_OK)) { // do secret things }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2022-32531 Apache BookKeeper: Java Client Uses Connection to Host that Failed Hostname Verification — Apache BookKeeper 5.9 -2022-12-15
CVE-2022-46153 Routes exposed with an empty TLSOption in traefik — traefik 8.1 High2022-12-08
CVE-2022-39334 nextcloudcmd incorrectly trusts bad TLS certificates — security-advisories 3.9 Low2022-11-25
CVE-2022-33684 Apache Pulsar C++/Python OAuth Clients prior to 3.0.0 were vulnerable to an MITM attack due to Disabled Certificate Validation — Apache Pulsar 8.1 -2022-11-04
CVE-2022-40147 Siemens Industrial Edge Management 信任管理问题漏洞 — Industrial Edge Management 7.4 -2022-10-11
CVE-2022-34394 Dell SmartFabric OS10 信任管理问题漏洞 — Dell Networking OS10 3.7 Low2022-09-28
CVE-2022-39264 nheko vulnerable to secret poisoning using MITM on secret requests by the homeserver — nheko 8.6 High2022-09-28
CVE-2022-33683 Disabled Certificate Validation makes Broker, Proxy Admin Clients vulnerable to MITM attack — Apache Pulsar 5.9 -2022-09-23
CVE-2022-33682 Disabled Hostname Verification makes Brokers, Proxies vulnerable to MITM attack — Apache Pulsar 5.9 -2022-09-23
CVE-2022-33681 Improper Hostname Verification in Java Client and Proxy can expose authentication data via MITM — Apache Pulsar 5.9 -2022-09-23
CVE-2022-1632 Red Hat Openshift 信任管理问题漏洞 — Openshift 6.5 -2022-09-01
CVE-2022-2996 python-scciclient 信任管理问题漏洞 — python-scciclient 7.4 -2022-09-01
CVE-2022-37437 Ingest Actions UI in Splunk Enterprise 9.0.0 disabled TLS certificate validation — Splunk Enterprise 7.4 High2022-08-16
CVE-2022-34865 Traffic intelligence feeds vulnerability CVE-2022-34865 — BIG-IP 4.8 Medium2022-08-04
CVE-2022-31183 mTLS client verification is skipped in fs2 on Node.js — fs2 9.1 Critical2022-08-01
CVE-2022-26305 Execution of Untrusted Macros Due to Improper Certificate Validation — LibreOffice 7.5 -2022-07-25
CVE-2022-20860 Cisco Nexus Dashboard SSL Certificate Validation Vulnerability — Cisco Nexus Dashboard 7.4 High2022-07-21
CVE-2022-32210 IBM App Connect Enterprise 信任管理问题漏洞 — https://github.com/nodejs/undici 6.5 -2022-07-14
CVE-2022-31105 Argo CD's certificate verification is skipped for connections to OIDC providers — argo-cd 8.3 High2022-07-12
CVE-2014-8164 Red Hat CloudForms Management Engine 信任管理问题漏洞 — Red Hat CloudForms 9.1 -2022-07-06
CVE-2022-32152 Splunk Enterprise lacked TLS cert validation for Splunk-to-Splunk communication by default — Splunk Enterprise 8.1 High2022-06-15
CVE-2022-32151 Splunk Enterprise disabled TLS validation using the CA certificate stores in Python 3 libraries by default — Splunk Enterprise 7.4 High2022-06-15
CVE-2022-32156 Splunk Enterprise and Universal Forwarder CLI connections lacked TLS cert validation — Splunk Enterprise 8.1 High2022-06-14
CVE-2020-26184 Dell BSAFE Micro Edition Suite 信任管理问题漏洞 — Dell BSAFE Micro Edition Suite 7.5 High2022-06-01
CVE-2022-29222 Improper Certificate Validation in Pion DTLS — dtls 5.9 Medium2022-05-21
CVE-2013-10001 HTC One/Sense Mail Client certificate validation — One 4.8 Medium2022-05-17
CVE-2022-24901 Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter — parse-server 7.5 High2022-05-04
CVE-2021-3898 Motorola Ready For 信任管理问题漏洞 — Device Help Android App 6.8 Medium2022-04-22
CVE-2022-22549 Dell Technologies Dell PowerScale OneFS 信任管理问题漏洞 — PowerScale OneFS 7.5 High2022-04-12
CVE-2022-0759 ManageIQ MiqExpression 信任管理问题漏洞 — kubeclient 8.1 -2022-03-25

Vulnerabilities classified as CWE-295 (证书验证不恰当) represent 474 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.