Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-295 (证书验证不恰当) — Vulnerability Class 474

474 vulnerabilities classified as CWE-295 (证书验证不恰当). AI Chinese analysis included.

CWE-295 represents a critical cryptographic weakness where software fails to properly validate digital certificates, undermining the integrity of secure communications. Attackers typically exploit this flaw by performing man-in-the-middle attacks, intercepting traffic between a client and server. By presenting a forged or invalid certificate, adversaries can decrypt sensitive data, inject malicious content, or impersonate legitimate services without detection. This vulnerability is particularly dangerous in applications relying on Transport Layer Security for confidentiality. To prevent such breaches, developers must implement rigorous certificate validation mechanisms, ensuring that the presented certificate is signed by a trusted Certificate Authority and matches the expected hostname. Additionally, enabling Certificate Pinning and strictly rejecting expired or revoked certificates further hardens the application against interception attempts, thereby preserving the authenticity and security of the data exchange.

MITRE CWE Description
The product does not validate, or incorrectly validates, a certificate.
Common Consequences (1)
Integrity, AuthenticationBypass Protection Mechanism, Gain Privileges or Assume Identity
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting s…
Mitigations (2)
Architecture and Design, ImplementationCertificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
ImplementationIf certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Examples (2)
This code checks the certificate of a connected peer.
if ((cert = SSL_get_peer_certificate(ssl)) && host) foo=SSL_get_verify_result(ssl); if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo)) // certificate looks good, host can be trusted
Bad · C
The following OpenSSL code obtains a certificate and verifies it.
cert = SSL_get_peer_certificate(ssl); if (cert && (SSL_get_verify_result(ssl)==X509_V_OK)) { // do secret things }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2020-15134 Missing TLS certificate verification in Faye — faye 8.0 High2020-07-31
CVE-2020-10925 NETGEAR R6700 信任管理问题漏洞 — R6700 8.1 -2020-07-28
CVE-2020-5367 Dell EMC Unisphere for PowerMax 信任管理问题漏洞 — Unisphere for PowerMax, Unisphere for PowerMax Virtual Appliance, PowerMax OS 7.4 High2020-06-23
CVE-2020-3342 Cisco Webex Meetings Desktop App for Mac Update Feature Code Execution Vulnerability — Cisco WebEx Meetings Server 8.8 -2020-06-18
CVE-2020-8156 Nextcloud Mail 信任管理问题漏洞 — Nextcloud Mail 7.0 -2020-05-12
CVE-2020-10059 UpdateHub Module Explicitly Disables TLS Verification — zephyr 4.8 Medium2020-05-11
CVE-2020-12144 The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated — 1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator  3. EdgeConnect in AWS, Azure, GCP 6.0 Medium2020-05-05
CVE-2020-12143 The certificate used to identify Orchestrator to EdgeConnect devices is not validated — 1. Unity EdgeConnect, NX, VX 2. Unity Orchestrator,   3. EdgeConnect in AWS, Azure, GCP 6.0 Medium2020-05-05
CVE-2020-7922 Kubernetes Operator generates potentially insecure certificates — MongoDB Enterprise Kubernetes Operator 6.4 Medium2020-04-09
CVE-2020-3155 Cisco Intelligent Proximity SSL Certificate Validation Vulnerability — Cisco Jabber IM for Android 7.4 -2020-03-04
CVE-2019-15604 Node.js 信任管理问题漏洞 — Node 7.5 -2020-02-07
CVE-2017-14806 Insecure handling of repodata and packages in SUSE Studio onlite — Studio onsite 3.7 Low2020-01-27
CVE-2019-5102 OpenWrt 信任管理问题漏洞 — OpenWRT 4.0 Medium2019-11-18
CVE-2019-5101 OpenWrt 信任管理问题漏洞 — OpenWRT 4.0 Medium2019-11-18
CVE-2019-3685 Missing TLS certificate validation for HTTPS connections in osc — Open Build Service 7.4 High2019-11-05
CVE-2019-0054 Junos OS: SRX Series: An attacker may be able to perform Man-in-the-Middle (MitM) attacks during app-id signature updates. — Junos OS 6.8 Medium2019-10-09
CVE-2019-3751 Dell EMC Enterprise Copy Data Management 信任管理问题漏洞 — Dell EMC Enterprise Copy Data Management (eCDM) 7.4 -2019-09-03
CVE-2019-1948 Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability — Cisco WebEx Meetings for iOS 5.9 -2019-08-21
CVE-2019-3890 Evolution EWS 信任管理问题漏洞 — evolution-ews 6.5 -2019-08-01
CVE-2019-7615 Elasticsearch Elastic APM agent for Ruby 信任管理问题漏洞 — Elastic APM agent for Ruby 7.4 -2019-07-30
CVE-2019-1010275 helm 信任管理问题漏洞 — helm 9.1 -2019-07-17
CVE-2018-5408 PrinterLogic Print Management Software fails to validate the management portal SSL certificates — Management Software 7.4 -2019-05-08
CVE-2019-1590 Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Insecure Fabric Authentication Vulnerability — Cisco NX-OS Software for Nexus 9000 Series Fabric Switches ACI Mode 8.1 -2019-05-03
CVE-2019-1757 Cisco IOS and IOS XE Software Smart Call Home Certificate Validation Vulnerability — Cisco IOS and IOS XE Software 5.9 -2019-03-28
CVE-2019-1748 Cisco IOS and IOS XE Software Network Plug-and-Play Agent Certificate Validation Vulnerability — Cisco IOS and IOS XE Software 7.4 -2019-03-27
CVE-2019-3814 Dovecot 信任管理问题漏洞 — dovecot 5.3 -2019-03-27
CVE-2019-3841 kubevirt containerized data importer 安全漏洞 — kubevirt/virt-cdi-importer 5.9 -2019-03-25
CVE-2019-3777 Apps Manager unverified SSL certs in Cloud Controller proxy — Apps Manager 9.1 -2019-03-07
CVE-2019-1683 Cisco SPA112, SPA525, and SPA5x5 Series IP Phones Certificate Validation Vulnerability — Cisco Small Business SPA500 Series IP Phones 7.4 -2019-02-25
CVE-2019-1659 Cisco Prime Infrastructure Certificate Validation Vulnerability — Cisco Prime Infrastructure 4.0 -2019-02-21

Vulnerabilities classified as CWE-295 (证书验证不恰当) represent 474 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.