Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-295 (证书验证不恰当) — Vulnerability Class 474

474 vulnerabilities classified as CWE-295 (证书验证不恰当). AI Chinese analysis included.

CWE-295 represents a critical cryptographic weakness where software fails to properly validate digital certificates, undermining the integrity of secure communications. Attackers typically exploit this flaw by performing man-in-the-middle attacks, intercepting traffic between a client and server. By presenting a forged or invalid certificate, adversaries can decrypt sensitive data, inject malicious content, or impersonate legitimate services without detection. This vulnerability is particularly dangerous in applications relying on Transport Layer Security for confidentiality. To prevent such breaches, developers must implement rigorous certificate validation mechanisms, ensuring that the presented certificate is signed by a trusted Certificate Authority and matches the expected hostname. Additionally, enabling Certificate Pinning and strictly rejecting expired or revoked certificates further hardens the application against interception attempts, thereby preserving the authenticity and security of the data exchange.

MITRE CWE Description
The product does not validate, or incorrectly validates, a certificate.
Common Consequences (1)
Integrity, AuthenticationBypass Protection Mechanism, Gain Privileges or Assume Identity
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting s…
Mitigations (2)
Architecture and Design, ImplementationCertificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
ImplementationIf certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Examples (2)
This code checks the certificate of a connected peer.
if ((cert = SSL_get_peer_certificate(ssl)) && host) foo=SSL_get_verify_result(ssl); if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo)) // certificate looks good, host can be trusted
Bad · C
The following OpenSSL code obtains a certificate and verifies it.
cert = SSL_get_peer_certificate(ssl); if (cert && (SSL_get_verify_result(ssl)==X509_V_OK)) { // do secret things }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2024-53846 ssl fails to validate incorrect extened key usage — otp 5.5 Medium2024-12-05
CVE-2024-5921 GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation — GlobalProtect App 8.0AIHighAI2024-11-27
CVE-2023-51634 NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability — RAX30 8.8 -2024-11-22
CVE-2024-52510 Nextcloud Desktop client behaves incorrectly if the initial end-to-end-encryption signature is empty — security-advisories 4.2 Medium2024-11-15
CVE-2022-20814 Cisco Expressway Series and Cisco TelePresence VCS Improper Certificate Validation Vulnerability — Cisco TelePresence Video Communication Server (VCS) Expressway 7.4 High2024-11-15
CVE-2024-5918 PAN-OS: Improper Certificate Validation Enables Impersonation of a Legitimate GlobalProtect User — Cloud NGFW 8.1AIHighAI2024-11-14
CVE-2024-49369 Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections — icinga2 9.8 Critical2024-11-12
CVE-2024-30149 HCL AppScan Source is affected by an expired TLS/SSL certificate — AppScan Source 4.8 Medium2024-10-31
CVE-2024-43177 IBM Concert improper certificate validation — Concert 5.9 Medium2024-10-22
CVE-2024-47241 Dell Secure Connect Gateway 信任管理问题漏洞 — Secure Connect Gateway (SCG) 5.0 Appliance - SRS 5.5 Medium2024-10-18
CVE-2023-49570 Insecure Trust of Basic Constraints certificate in Bitdefender Total Security HTTPS Scanning (VA-11210) — Total Security 7.4 -2024-10-18
CVE-2023-49567 Insecure Trust of certificates using collision hash functions in Bitdefender Total Security HTTPS Scanning (VA-11239) — Total Security 7.4 -2024-10-18
CVE-2023-6058 HTTPS Certificate Validation Issue in Bitdefender Safepay (VA-11167) — Total Security 7.4 -2024-10-18
CVE-2023-6057 Insecure Trust of DSA-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11166) — Total Security 5.9 -2024-10-18
CVE-2023-6056 Insecure Trust of Self-Signed Certificates in Bitdefender Total Security HTTPS Scanning (VA-11164) — Total Security 7.4 -2024-10-18
CVE-2023-6055 Improper Certificate Validation in Bitdefender Total Security HTTPS Scanning (VA-11158) — Total Security 7.4 -2024-10-18
CVE-2024-22030 Rancher agents can be hijacked by taking over the Rancher Server URL — rancher 8.0 High2024-10-16
CVE-2024-48915 Agent Dart missing certificate verification checks — agent_dart 7.5 -2024-10-15
CVE-2024-43550 Windows Secure Channel Spoofing Vulnerability — Windows 10 Version 1809 7.4 High2024-10-08
CVE-2024-7206 Firmware extraction and Hardware SSL Pinning Bypass — Zigbee Bridge Pro 7.8AIHighAI2024-10-08
CVE-2024-20385 Cisco Nexus Dashboard Orchestrator SSL Certificate Validation Vulnerability — Cisco Nexus Dashboard Orchestrator 5.9 Medium2024-10-02
CVE-2024-9160 Security Misconfiguration in Forge module PEADM — PEADM Forge Module 9.1AICriticalAI2024-09-27
CVE-2024-38861 Lack of TLS validation in plugin MikroTik on Checkmk Exchange 5.9AIMediumAI2024-09-27
CVE-2024-43201 Planet Fitness Workouts mobile apps do not properly validate TLS certificates — Planet Fitness Workouts 8.8 High2024-09-23
CVE-2024-8287 Anbox Management Service 安全漏洞 — Anbox Cloud 7.5 High2024-09-18
CVE-2022-45856 Fortinet FortiClient 信任管理问题漏洞 — FortiClientiOS 4.6 Medium2024-09-10
CVE-2024-31489 Fortinet FortiClient 信任管理问题漏洞 — FortiClientMac 6.4 Medium2024-09-10
CVE-2024-38642 QuMagie — QuMagie 7.8 -2024-09-06
CVE-2024-37311 Collabora Online's remote host TLS certificates are not fully verified — online 8.2 High2024-08-23
CVE-2024-8007 Openstack-tripleo-common: rhosp director disables tls verification for registry mirrors 8.1 High2024-08-21

Vulnerabilities classified as CWE-295 (证书验证不恰当) represent 474 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.