CWE-599: Missing Validation of OpenSSL Certificate

VariantIncomplete

The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.

View on MITRE

Back to CWE Lookup

Extended Description

This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate is properly validated.

Technical Details

Structure: Simple

Applicable To

Languages

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-599

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references