Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-295 (证书验证不恰当) — Vulnerability Class 474

474 vulnerabilities classified as CWE-295 (证书验证不恰当). AI Chinese analysis included.

CWE-295 represents a critical cryptographic weakness where software fails to properly validate digital certificates, undermining the integrity of secure communications. Attackers typically exploit this flaw by performing man-in-the-middle attacks, intercepting traffic between a client and server. By presenting a forged or invalid certificate, adversaries can decrypt sensitive data, inject malicious content, or impersonate legitimate services without detection. This vulnerability is particularly dangerous in applications relying on Transport Layer Security for confidentiality. To prevent such breaches, developers must implement rigorous certificate validation mechanisms, ensuring that the presented certificate is signed by a trusted Certificate Authority and matches the expected hostname. Additionally, enabling Certificate Pinning and strictly rejecting expired or revoked certificates further hardens the application against interception attempts, thereby preserving the authenticity and security of the data exchange.

MITRE CWE Description
The product does not validate, or incorrectly validates, a certificate.
Common Consequences (1)
Integrity, AuthenticationBypass Protection Mechanism, Gain Privileges or Assume Identity
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting s…
Mitigations (2)
Architecture and Design, ImplementationCertificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
ImplementationIf certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Examples (2)
This code checks the certificate of a connected peer.
if ((cert = SSL_get_peer_certificate(ssl)) && host) foo=SSL_get_verify_result(ssl); if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo)) // certificate looks good, host can be trusted
Bad · C
The following OpenSSL code obtains a certificate and verifies it.
cert = SSL_get_peer_certificate(ssl); if (cert && (SSL_get_verify_result(ssl)==X509_V_OK)) { // do secret things }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2023-50314 IBM WebSphere Application Server Libery information disclosure — WebSphere Application Liberty 5.3 Medium2024-08-14
CVE-2023-50315 IBM WebSphere Application Server information disclosure — WebSphere Application Server 5.3 Medium2024-08-14
CVE-2024-7570 Ivanti ITSM 安全漏洞 — ITSM 8.3 High2024-08-13
CVE-2024-5445 Ecosystem Agent Insufficient Transport Layer Security — Ecosystem Agent 3.8 Low2024-08-08
CVE-2024-7383 Libnbd: nbd server improper certificate validation 7.4 High2024-08-05
CVE-2024-6472 Ability to trust not validated macro signatures removed in high security mode — LibreOffice 7.8 High2024-08-05
CVE-2024-32865 exacqVison - TLS certificate validation — exacqVision 6.4 Medium2024-08-01
CVE-2024-4786 Lenovo Tab K10 信任管理问题漏洞 — Tab K10 2.8 Low2024-07-26
CVE-2023-50178 Fortinet FortiADC 信任管理问题漏洞 — FortiADC 7.2 High2024-07-09
CVE-2023-50179 Fortinet FortiADC 信任管理问题漏洞 — FortiADC 4.7 Medium2024-07-09
CVE-2024-33509 Fortinet FortiWeb 信任管理问题漏洞 — FortiWeb 4.4 Medium2024-07-09
CVE-2024-39312 Botan has an Authorization Error due to Name Constraint Decoding Bug — botan 5.3 Medium2024-07-08
CVE-2024-20080 MediaTek 芯片 安全漏洞 — MT2735, MT2737, MT6761, MT6765, MT6768, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6980, MT6983, MT6985, MT6989, MT6990, MT8666, MT8667, MT8673, MT8676, MT8678 9.8AICriticalAI2024-07-01
CVE-2024-25053 IBM Cognos Analytics improper certificate validation — Cognos Analytics 5.9 Medium2024-06-28
CVE-2024-5261 TLS certificate are not properly verified when utilizing LibreOfficeKit — LibreOffice 9.1AICriticalAI2024-06-25
CVE-2024-28021 Hitachi FOXMAN-UN 信任管理问题漏洞 — FOXMAN-UN 7.4 High2024-06-11
CVE-2024-35140 IBM Security Verify Access privilege escalation — Security Verify Access Docker 7.7 High2024-05-31
CVE-2024-29072 Foxit Reader 信任管理问题漏洞 — Foxit Reader 8.2 High2024-05-28
CVE-2024-35299 JetBrains YouTrack 安全漏洞 — YouTrack 5.9 Medium2024-05-16
CVE-2024-33612 BIG-IP Next Central Manager vulnerability — BIG-IP Next Central Manager 6.8 Medium2024-05-08
CVE-2023-35721 NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability — Multiple Routers 8.8 -2024-05-03
CVE-2024-4063 EZVIZ CS-C6-21WFR-8 Davinci Application certificate validation — CS-C6-21WFR-8 3.7 Low2024-04-23
CVE-2024-4062 Hualai Xiaofang iSC5 certificate validation — iSC5 3.7 Low2024-04-23
CVE-2024-29733 Apache Airflow FTP Provider: FTP_TLS instance with unverified SSL context — Apache Airflow FTP Provider 7.5 -2024-04-21
CVE-2024-3738 cym1102 nginxWebUI saveCmd handlePath certificate validation — nginxWebUI 7.3 High2024-04-13
CVE-2023-50949 IBM QRadar improper certificate validation — QRadar SIEM 5.9 Medium2024-04-11
CVE-2024-31871 IBM Security Verify Access Appliance improper certificate validation — Security Verify Access Appliance 7.5 High2024-04-10
CVE-2024-31872 IBM Security Verify Access Appliance missing certificate validation — Security Verify Access Appliance 7.5 High2024-04-10
CVE-2024-27323 PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability — PDF-XChange Editor 8.8 -2024-04-01
CVE-2024-29887 Serverpod client accepts any certificate — serverpod 7.4 High2024-03-27

Vulnerabilities classified as CWE-295 (证书验证不恰当) represent 474 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.