CWE-297: Improper Validation of Certificate with Host Mismatch

VariantIncompleteExploit Likelihood: High

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

View on MITRE
Back to CWE Lookup

Extended Description

Even if a certificate is well-formed, signed, and follows the chain of trust, it may simply be a valid certificate for a different site than the site that the product is interacting with. If the certificate's host-specific data is not properly checked - such as the Common Name (CN) in the Subject or the Subject Alternative Name (SAN) extension of an X.509 certificate - it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data, impersonating a trusted host. In order to ensure data integrity, the certificate must be valid and it must pertain to the site that is being accessed. Even if the product attempts to check the hostname, it is still possible to incorrectly check the hostname. For example, attackers could create a certificate with a name that begins with a trusted name followed by a NUL byte, which could cause some string-based comparisons to only examine the portion that contains the trusted name. This weakness can occur even when the product uses Certificate Pinning, if the product does not verify the hostname at the time a certificate is pinned.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms

Frequently Asked Questions

What is CWE-297: Improper Validation of Certificate with Host Mismatch?+

CWE-297: Improper Validation of Certificate with Host Mismatch is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host. Even if a certificate is well-formed, signed, and follows the chain of trust, it may simply be a valid certificate for a different site than the site that the product is interacting with. If the certificate's host-specific data is not properly checked - such as the Common Name (CN) in the Subject or the Subject Alternative Name (SAN) extension of an X.509 certificate - it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data, impersonating a trusted host. In order to ensure data integrity, the certificate must be valid and it must pertain to the site that is being accessed. Even if the product attempts to check the hostname, it is still possible to incorrectly check the hostname. For example, attackers could create a certificate with a name that begins with a trusted name followed by a NUL byte, which could cause some string-based comparisons to only examine the portion that contains the trusted name. This weakness can occur even when the product uses Certificate Pinning, if the product does not verify the hostname at the time a certificate is pinned.

What are the security consequences of Improper Validation of Certificate with Host Mismatch?+

If exploited, CWE-297 (Improper Validation of Certificate with Host Mismatch) it can compromise Access Control, Authentication and Other, leading to outcomes such as Gain Privileges or Assume Identity and Other.

How do you prevent or mitigate Improper Validation of Certificate with Host Mismatch?+

Recommended mitigations for CWE-297 include: Fully check the hostname of the certificate and provide the user with adequate information about the nature of the problem and how to proceed. If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

How is Improper Validation of Certificate with Host Mismatch detected?+

CWE-297 can be detected using Dynamic Analysis with Manual Results Interpretation and Black Box. Combining automated tooling with manual review typically yields the best coverage.

Which programming languages are affected by Improper Validation of Certificate with Host Mismatch?+

CWE-297 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What are real-world examples of Improper Validation of Certificate with Host Mismatch?+

MITRE documents real CVEs mapped to CWE-297, including CVE-2012-5810, CVE-2012-5811, CVE-2012-5807, CVE-2012-3446 and CVE-2009-2408. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-297 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More