CWE-295: Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
View on MITRETechnical Details
- Structure
- Simple
Applicable To
Security Consequences
Scope
Impact
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting spoofed data that appears to originate from a trusted host.
Mitigation Strategies
Phase
Description
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Phase
Description
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Detection Methods
Method
Dynamic Analysis with Manual Results InterpretationDescription
According to SOAR [REF-1479], the following detection techniques may be useful: Highly cost effective: Man-in-the-middle attack tool
Effectiveness
HighMethod
Manual Static Analysis - Source CodeDescription
According to SOAR [REF-1479], the following detection techniques may be useful: Highly cost effective: Focused Manual Spotcheck - Focused manual analysis of source Manual Source Code Review (not inspections)
Effectiveness
HighMethod
Architecture or Design ReviewDescription
According to SOAR [REF-1479], the following detection techniques may be useful: Highly cost effective: Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)
Effectiveness
HighCode Examples & CVEs
Demonstrative Examples
This code checks the certificate of a connected peer.
In this case, because the certificate is self-signed, there was no external authority that could prove the identity of the host. The program could be communicating with a different system that is spoofing the host, e.g. by poisoning the DNS cache or using an Adversary-in-the-Middle (AITM) attack to modify the traffic from server to client.
The following OpenSSL code obtains a certificate and verifies it.
Even though the "verify" step returns X509_V_OK, this step does not include checking the Common Name against the name of the host. That is, there is no guarantee that the certificate is for the desired host. The SSL connection could have been established with a malicious host that provided a valid certificate.
The following OpenSSL code ensures that there is a certificate and allows the use of expired certificates.
If the call to SSL_get_verify_result() returns X509_V_ERR_CERT_HAS_EXPIRED, this means that the certificate has expired. As time goes on, there is an increasing chance for attackers to compromise the certificate.
The following OpenSSL code ensures that there is a certificate before continuing execution.
Because this code does not use SSL_get_verify_results() to check the certificate, it could accept certificates that have been revoked (X509_V_ERR_CERT_REVOKED). The software could be communicating with a malicious host.
The following OpenSSL code ensures that the host has a certificate.
Note that the code does not call SSL_get_verify_result(ssl), which effectively disables the validation step that checks the certificate.
Observed CVE Examples (20)
A Go framework for robotics, drones, and IoT devices skips verification of root CA certificates by default.
View Detailschain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple "goto fail" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).
View DetailsChain: router's firmware update procedure uses curl with "-k" (insecure) option that disables certificate validation (CWE-295), allowing adversary-in-the-middle (AITM) compromise with a malicious firmware image (CWE-494).
View DetailsVerification function trusts certificate chains in which the last certificate is self-signed.
View DetailsWeb browser uses a TLS-related function incorrectly, preventing it from verifying that a server's certificate is signed by a trusted certification authority (CA)
View DetailsOperating system does not check Certificate Revocation List (CRL) in some cases, allowing spoofing using a revoked certificate.
View DetailsMobile banking application does not verify hostname, leading to financial loss.
View DetailsCloud-support library written in Python uses incorrect regular expression when matching hostname.
View DetailsWeb browser does not correctly handle '\0' character (NUL) in Common Name, allowing spoofing of https sites.
View DetailsSmartphone device does not verify hostname, allowing spoofing of mail services.
View DetailsJava library uses JSSE SSLSocket and SSLEngine classes, which do not verify the hostname.
View Detailschain: incorrect calculation allows attackers to bypass certificate checks.
View Detailschain: DNS server does not correctly check return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain.
View Detailschain: product checks if client is trusted when it intended to check if the server is trusted, allowing validation of signed code.
View DetailsCryptographic API, as used in web browsers, mail clients, and other software, does not properly validate Basic Constraints.
View Detailschain: OS package manager does not check properly check the return value, allowing bypass using a revoked certificate.
View DetailsCWE Relationships
No relationship information available for this CWE.
Frequently Asked Questions
What is CWE-295: Improper Certificate Validation?+
CWE-295: Improper Certificate Validation is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product does not validate, or incorrectly validates, a certificate.
What are the security consequences of Improper Certificate Validation?+
If exploited, CWE-295 (Improper Certificate Validation) it can compromise Integrity and Authentication, leading to outcomes such as Bypass Protection Mechanism and Gain Privileges or Assume Identity.
How do you prevent or mitigate Improper Certificate Validation?+
Recommended mitigations for CWE-295 include: Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key. If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
How is Improper Certificate Validation detected?+
CWE-295 can be detected using Dynamic Analysis with Manual Results Interpretation, Manual Static Analysis - Source Code and Architecture or Design Review. Combining automated tooling with manual review typically yields the best coverage.
Which programming languages are affected by Improper Certificate Validation?+
CWE-295 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
What are real-world examples of Improper Certificate Validation?+
MITRE documents real CVEs mapped to CWE-295, including CVE-2019-12496, CVE-2014-1266, CVE-2021-22909, CVE-2008-4989 and CVE-2012-5821. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
What is the difference between a CWE and a CVE?+
A CWE (Common Weakness Enumeration) like CWE-295 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.