The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.
View on MITREThis could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate is properly validated.
The data read may not be properly secured, it might be viewed by an attacker.
Trust afforded to the system in question may allow for spoofing or redirection attacks.
If the certificate is not checked, it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data under the guise of a trusted host. While the attacker in question may have a valid certificate, it may simply be a valid certificate for a different site. In order to ensure data integrity, we must check that the certificate is valid, and that it pertains to the site we wish to access.
Ensure that proper authentication is included in the system design.
Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications.
No detection method information available for this CWE.
The following OpenSSL code ensures that the host has a certificate.
Note that the code does not call SSL_get_verify_result(ssl), which effectively disables the validation step that checks the certificate.
CWE-599: Missing Validation of OpenSSL Certificate is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements. This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate is properly validated.
If exploited, CWE-599 (Missing Validation of OpenSSL Certificate) it can compromise Confidentiality and Access Control, leading to outcomes such as Read Application Data, Bypass Protection Mechanism and Gain Privileges or Assume Identity.
Recommended mitigations for CWE-599 include: Ensure that proper authentication is included in the system design. Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications.
A CWE (Common Weakness Enumeration) like CWE-599 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.