Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-295 (证书验证不恰当) — Vulnerability Class 474

474 vulnerabilities classified as CWE-295 (证书验证不恰当). AI Chinese analysis included.

CWE-295 represents a critical cryptographic weakness where software fails to properly validate digital certificates, undermining the integrity of secure communications. Attackers typically exploit this flaw by performing man-in-the-middle attacks, intercepting traffic between a client and server. By presenting a forged or invalid certificate, adversaries can decrypt sensitive data, inject malicious content, or impersonate legitimate services without detection. This vulnerability is particularly dangerous in applications relying on Transport Layer Security for confidentiality. To prevent such breaches, developers must implement rigorous certificate validation mechanisms, ensuring that the presented certificate is signed by a trusted Certificate Authority and matches the expected hostname. Additionally, enabling Certificate Pinning and strictly rejecting expired or revoked certificates further hardens the application against interception attempts, thereby preserving the authenticity and security of the data exchange.

MITRE CWE Description
The product does not validate, or incorrectly validates, a certificate.
Common Consequences (1)
Integrity, AuthenticationBypass Protection Mechanism, Gain Privileges or Assume Identity
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting s…
Mitigations (2)
Architecture and Design, ImplementationCertificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
ImplementationIf certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Examples (2)
This code checks the certificate of a connected peer.
if ((cert = SSL_get_peer_certificate(ssl)) && host) foo=SSL_get_verify_result(ssl); if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo)) // certificate looks good, host can be trusted
Bad · C
The following OpenSSL code obtains a certificate and verifies it.
cert = SSL_get_peer_certificate(ssl); if (cert && (SSL_get_verify_result(ssl)==X509_V_OK)) { // do secret things }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2021-3618 F5 Nginx 信任管理问题漏洞 — ALPACA 9.1 -2022-03-23
CVE-2021-3698 Cockpit 信任管理问题漏洞 — cockpit 7.5 -2022-03-08
CVE-2021-44533 nodejs 信任管理问题漏洞 — Node 7.5 -2022-02-24
CVE-2021-44531 nodejs 信任管理问题漏洞 — Node 7.5 -2022-02-24
CVE-2022-21654 Incorrect configuration handling allows TLS session re-use without re-validation in Envoy — envoy 7.4 High2022-02-22
CVE-2022-21657 X.509 Extended Key Usage and Trust Purposes bypass in Envoy — envoy 6.8 Medium2022-02-22
CVE-2022-21656 X.509 subjectAltName matching bypass in Envoy — envoy 7.4 High2022-02-22
CVE-2022-23649 Improper Certificate Validation in Cosign — cosign 3.3 Low2022-02-18
CVE-2022-23632 Traefik skips the router TLS configuration when the host header is an FQDN — traefik 7.4 High2022-02-17
CVE-2022-24320 EcoStruxure Geo SCADA Expert 信任管理问题漏洞 — ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) 5.9 -2022-02-09
CVE-2022-24319 EcoStruxure Geo SCADA Expert 信任管理问题漏洞 — ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) 5.9 -2022-02-09
CVE-2021-21959 Sealevel Systems SeaConnect 370W 信任管理问题漏洞 — Sealevel 8.1 -2022-02-04
CVE-2021-44549 SMTPS server hostname not checked when making TLS connection to SMTPS server — Apache Sling Commons Messaging Mail 7.4 -2021-12-14
CVE-2021-42027 Siemens SINUMERIK 信任管理问题漏洞 — SINUMERIK Edge 7.4 -2021-12-14
CVE-2021-34599 Improper Certificate Validation in CODESYS Git — CODESYS Git 7.4 High2021-12-01
CVE-2021-23167 Gallagher Command Centre Server信任管理问题漏洞 — Command Centre 8.1 High2021-11-18
CVE-2021-26320 AMD Platform Security Processor信任管理问题漏洞 — 1st Gen AMD EPYC™ 5.5 -2021-11-16
CVE-2021-22278 Certificate verification vulnerability in Update Manager of PCM600 Engineering Tool — PCM600 6.7 Medium2021-10-28
CVE-2021-25634 Timestamp Manipulation with Signature Wrapping — LibreOffice 7.5 -2021-10-12
CVE-2021-25633 Content Manipulation with Double Certificate Attack — LibreOffice 7.5 -2021-10-11
CVE-2021-40713 Adobe Experience Manager Improper Certificate Validation Could Lead to Man In The Middle Attack — Experience Manager 5.9 Medium2021-09-27
CVE-2021-37698 Missing TLS service certificate validation in GelfWriter, ElasticsearchWriter, InfluxdbWriter and Influxdb2Writer — icinga2 7.5 High2021-08-19
CVE-2021-32728 End-to-end encryption device setup did not verify public key — security-advisories 6.5 Medium2021-08-18
CVE-2021-22939 node core 信任管理问题漏洞 — Node 5.3 -2021-08-16
CVE-2021-3636 Red Hat OpenShift 授权问题漏洞 — openshift 4.6 -2021-07-30
CVE-2021-32755 Certificate pinning is not enforced on the web socket connection — wire-ios-transport 5.4 Medium2021-07-13
CVE-2021-31892 Siemens SINUMERIK 信任管理问题漏洞 — SINUMERIK Analyse MyCondition 7.4 -2021-07-13
CVE-2021-32727 End-to-end encryption device setup did not verify public key — security-advisories 5.7 Medium2021-07-12
CVE-2021-1134 Cisco DNA Center Certificate Validation Vulnerability — Cisco Digital Network Architecture Center (DNA Center) 9.1 -2021-06-29
CVE-2021-21571 Dell BIOSConnect信任管理问题漏洞 — UEFI BIOS https stack 5.9 Medium2021-06-24

Vulnerabilities classified as CWE-295 (证书验证不恰当) represent 474 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.