CWE-299: Improper Check for Certificate Revocation
The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.
View on MITREExtended Description
An improper check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is almost certainly malicious. The most common reason for certificate revocation is compromise of the system in question, with the result that no legitimate servers will be using a revoked certificate, unless they are sorely out of sync.
Technical Details
- Structure
- Simple
Applicable To
Security Consequences
Scope
Impact
Trust may be assigned to an entity who is not who it claims to be.
Scope
Impact
Data from an untrusted (and possibly malicious) source may be integrated.
Scope
Impact
Data may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure.
Mitigation Strategies
Phase
Description
Ensure that certificates are checked for revoked status.
Phase
Description
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the revoked status.
Detection Methods
No detection method information available for this CWE.
Code Examples & CVEs
Demonstrative Examples
The following OpenSSL code ensures that there is a certificate before continuing execution.
Because this code does not use SSL_get_verify_results() to check the certificate, it could accept certificates that have been revoked (X509_V_ERR_CERT_REVOKED). The product could be communicating with a malicious host.
Observed CVE Examples (12)
LDAP-over-SSL implementation does not check Certificate Revocation List (CRL), allowing spoofing using a revoked certificate.
View DetailsOperating system does not check Certificate Revocation List (CRL) in some cases, allowing spoofing using a revoked certificate.
View DetailsAntivirus product does not check whether certificates from signed executables have been revoked.
View Detailschain: Ruby module for OCSP misinterprets a response, preventing detection of a revoked certificate.
View Detailschain: incorrect parsing of replies from OCSP responders allows bypass using a revoked certificate.
View DetailsRouter can permanently cache certain public keys, which would allow bypass if the certificate is later revoked.
View Detailschain: OS package manager does not properly check the return value, allowing bypass using a revoked certificate.
View Detailschain: language interpreter does not properly check the return value from an OSCP function, allowing bypass using a revoked certificate.
View Detailschain: web service component does not call the expected method, which prevents a check for revoked certificates.
View DetailsProduct cannot access certificate revocation list when an HTTP proxy is being used.
View DetailsCWE Relationships
Frequently Asked Questions
What is CWE-299: Improper Check for Certificate Revocation?+
CWE-299: Improper Check for Certificate Revocation is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised. An improper check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is almost certainly malicious. The most common reason for certificate revocation is compromise of the system in question, with the result that no legitimate servers will be using a revoked certificate, unless they are sorely out of sync.
What are the security consequences of Improper Check for Certificate Revocation?+
If exploited, CWE-299 (Improper Check for Certificate Revocation) it can compromise Access Control, Integrity, Other and Confidentiality, leading to outcomes such as Gain Privileges or Assume Identity, Other and Read Application Data.
How do you prevent or mitigate Improper Check for Certificate Revocation?+
Recommended mitigations for CWE-299 include: Ensure that certificates are checked for revoked status. If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the revoked status.
Which programming languages are affected by Improper Check for Certificate Revocation?+
CWE-299 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
What are real-world examples of Improper Check for Certificate Revocation?+
MITRE documents real CVEs mapped to CWE-299, including CVE-2011-2014, CVE-2011-0199, CVE-2010-5185, CVE-2009-3046 and CVE-2009-0161. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
What is the difference between a CWE and a CVE?+
A CWE (Common Weakness Enumeration) like CWE-299 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.