Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-295 (证书验证不恰当) — Vulnerability Class 474

474 vulnerabilities classified as CWE-295 (证书验证不恰当). AI Chinese analysis included.

CWE-295 represents a critical cryptographic weakness where software fails to properly validate digital certificates, undermining the integrity of secure communications. Attackers typically exploit this flaw by performing man-in-the-middle attacks, intercepting traffic between a client and server. By presenting a forged or invalid certificate, adversaries can decrypt sensitive data, inject malicious content, or impersonate legitimate services without detection. This vulnerability is particularly dangerous in applications relying on Transport Layer Security for confidentiality. To prevent such breaches, developers must implement rigorous certificate validation mechanisms, ensuring that the presented certificate is signed by a trusted Certificate Authority and matches the expected hostname. Additionally, enabling Certificate Pinning and strictly rejecting expired or revoked certificates further hardens the application against interception attempts, thereby preserving the authenticity and security of the data exchange.

MITRE CWE Description
The product does not validate, or incorrectly validates, a certificate.
Common Consequences (1)
Integrity, AuthenticationBypass Protection Mechanism, Gain Privileges or Assume Identity
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting s…
Mitigations (2)
Architecture and Design, ImplementationCertificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
ImplementationIf certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Examples (2)
This code checks the certificate of a connected peer.
if ((cert = SSL_get_peer_certificate(ssl)) && host) foo=SSL_get_verify_result(ssl); if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo)) // certificate looks good, host can be trusted
Bad · C
The following OpenSSL code obtains a certificate and verifies it.
cert = SSL_get_peer_certificate(ssl); if (cert && (SSL_get_verify_result(ssl)==X509_V_OK)) { // do secret things }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2018-0434 Cisco SD-WAN Solution Certificate Validation Vulnerability — Cisco SD-WAN Solution 7.4 -2018-10-05
CVE-2016-7075 Red Hat OpenShift Enterprise 信任管理问题漏洞 — OpenShift 9.8 -2018-09-10
CVE-2017-7513 Red Hat Satellite 安全漏洞 — Red Hat Satellite 4.2 -2018-08-22
CVE-2017-13105 Hi Security Virus Cleaner - Antivirus, Booster, 3.7.1.1329, 2017-09-13, Android application accepts all SSL certificates during SSL communication — Virus Cleaner - Antivirus, Booster 5.9 -2018-08-15
CVE-2017-2648 CloudBees Jenkins SSH Slaves插件安全漏洞 — jenkins-ssh-slaves-plugin 5.6 -2018-07-27
CVE-2017-2649 CloudBees Jenkins Active Directory插件安全漏洞 — Active Directory Jenkins plugin 8.1 -2018-07-27
CVE-2017-2629 Haxx curl和libcurl 安全漏洞 — curl 5.9 -2018-07-27
CVE-2017-2623 rpm-ostree和rpm-ostree-client 安全漏洞 — rpm-ostree, 5.3 -2018-07-27
CVE-2017-2639 Red Hat CloudForms 安全漏洞 — CloudForms 7.5 -2018-07-27
CVE-2017-7562 MIT krb5 信任管理问题漏洞 — krb5 6.5 -2018-07-26
CVE-2017-3182 On the iOS platform, the ThreatMetrix SDK versions prior to 3.2 fail to validate SSL certificates provided by HTTPS connections, which may allow an attacker to perform a man-in-the-middle (MITM) attack — SDK 6.8 -2018-07-24
CVE-2017-7468 Haxx curl/libcurl 安全漏洞 — curl 9.1 -2018-07-16
CVE-2016-6562 ShoreTel Mobility Client for iOS and Android, version 9.1.3.109 and earlier, fails to properly validate SSL certificates provided by HTTPS connections — Mobility Client iOS 5.3 -2018-07-13
CVE-2018-0334 Cisco AnyConnect Network Access Manager和AnyConnect Secure Mobility Client 安全特征问题漏洞 — Cisco AnyConnect Secure Mobility Client unknown 8.2 -2018-06-07
CVE-2016-10534 electron-packager 安全漏洞 — electron-packager node module 5.9 -2018-05-31
CVE-2018-0277 Cisco Identity Services Engine 安全漏洞 — Cisco Identity Services Engine 8.6 -2018-05-17
CVE-2018-4849 Siemens Siveillance VMS Video for Android和iOS 安全漏洞 — Siveillance VMS Video for Android, Siveillance VMS Video for iOS 7.4 -2018-05-03
CVE-2018-0227 多款Cisco产品授权问题漏洞 — Cisco Adaptive Security Appliance 7.5 -2018-04-19
CVE-2017-3190 AXS Flash Seats for iOS和Android 安全漏洞 — Flash Seats Mobile App 6.8 -2017-12-15
CVE-2017-3194 Pandora for iOS 安全漏洞 — Pandora iOS App 7.4 -2017-12-15
CVE-2017-13083 Akeo Consulting Rufus 安全漏洞 — Rufus 7.5 -2017-10-18
CVE-2017-8445 Elasticsearch X-Pack Security TLS trust manager 安全漏洞 — Elastic X-Pack Security 5.5 -2017-08-18
CVE-2017-7932 多款NXP i.MX产品安全漏洞 — NXP i.MX Product Family 5.7 -2017-08-07
CVE-2017-3218 Samsung Magician 安全漏洞 — Magician 8.8 -2017-06-21

Vulnerabilities classified as CWE-295 (证书验证不恰当) represent 474 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.