
CWE-599 Missing Validation of OpenSSL Certificate: vulnerabilities in this class (2)

CWE-599 Missing Validation of OpenSSL Certificate: summary of the 2 CVE entries for this weakness class, with AI-generated analysis in Chinese.

CWE-599 covers missing certificate validation: a program that uses OpenSSL never calls SSL_get_verify_result() to confirm that the peer certificate is valid. An attacker can exploit this to mount a man-in-the-middle attack, presenting a forged certificate to steal sensitive data or tamper with the communication. Developers must not trust a certificate blindly; after the connection is established they must explicitly call the verification function and confirm that the certificate meets all security requirements, so that a malicious entity cannot impersonate a legitimate service.

MITRE CWE official description
CWE: CWE-599 Missing Validation of OpenSSL Certificate. The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.
Common consequences (3)
Confidentiality: Read Application Data
The data read may not be properly secured - it might be viewed by an attacker.
Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity
Trust afforded to the system in question may allow for spoofing or redirection attacks.
Access Control: Gain Privileges or Assume Identity
If the certificate is not checked, it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data under the guise of a trusted host. While the attacker in question may have a valid certificate, it may simply be a valid certificate for a dif…
Mitigations (2)
Architecture and Design: Ensure that proper authentication is included in the system design.
Implementation: Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications.
Code example (1)
The following OpenSSL code ensures only that the host has a certificate; the verification result is never checked (Bad, C):

```c
X509 *cert = NULL;

if (cert = SSL_get_peer_certificate(ssl)) {
    // got certificate, host can be trusted
    // The call that would actually validate the certificate is left commented out,
    // so any certificate the peer presents is accepted (this is the CWE-599 defect).
    //foo=SSL_get_verify_result(ssl);
    //if (X509_V_OK==foo) ...
}
```
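As an added illustration that is not part of this page's catalogue or of MITRE's snippet, here is the check that the code above leaves commented out, written in Go against the standard library's x509 verifier rather than OpenSSL: verifyPeer plays the role of SSL_get_verify_result() plus the hostname match that must also hold before the peer is trusted. The host name example.test, the self-signed demo certificate and all function names are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// selfSigned mints a throwaway certificate for host (constructed for this demo; no real CA involved).
func selfSigned(host string) *x509.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	leaf, _ := x509.ParseCertificate(der)
	return leaf
}
// verifyPeer is the step the CWE-599 snippet leaves commented out: the Go counterpart of
// SSL_get_verify_result() (chain to a trusted root, validity period, server EKU) plus the
// hostname match. chain is what the peer presented, leaf first.
func verifyPeer(chain []*x509.Certificate, roots *x509.CertPool, host string) error {
	if len(chain) == 0 {
		return errors.New("peer presented no certificate")
	}
	opts := x509.VerifyOptions{Roots: roots, DNSName: host, Intermediates: x509.NewCertPool()}
	for _, c := range chain[1:] {
		opts.Intermediates.AddCert(c) // any intermediates the peer sent help build the chain
	}
	_, err := chain[0].Verify(opts)
	return err
}
// demo: holding the peer certificate ("got certificate, host can be trusted") proves nothing;
// only the explicit check separates an unknown issuer or wrong host from a trusted peer.
func demo() (unknownIssuerRejected, trustedAccepted, wrongHostRejected bool) {
	leaf := selfSigned("example.test")
	chain := []*x509.Certificate{leaf}
	unknownIssuerRejected = verifyPeer(chain, x509.NewCertPool(), "example.test") != nil
	roots := x509.NewCertPool()
	roots.AddCert(leaf) // the operator explicitly pins this certificate as trusted
	trustedAccepted = verifyPeer(chain, roots, "example.test") == nil
	wrongHostRejected = verifyPeer(chain, roots, "other.test") != nil
	return
}
```

In a real client the same verifyPeer logic belongs in tls.Config's VerifyConnection callback (or simply leave InsecureSkipVerify unset and let the library verify), and an error from it must abort the connection.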
CVE ID | Title | CVSS | Risk level | Published
CVE-2026-25060 | OpenList Frontend security vulnerability — OpenList | 8.1 | High | 2026-02-02
CVE-2025-12553 | Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 security vulnerability — BLU-IC2 | 7.5 | - | 2025-10-31

CWE-599 (Missing Validation of OpenSSL Certificate) is a common weakness category; this platform lists 2 CVE entries associated with it.