CWE-295 - Improper Certificate Validation

CWE-295

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Improper Certificate Validation

Description: The product does not validate, or incorrectly validates, a certificate.
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting spoofed data that appears to originate from a trusted host.

Common Consequences: Scope: Integrity, Authentication
Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity

Related Weaknesses

CWE-287Improper AuthenticationHigh

CWE-322Key Exchange without Entity AuthenticationHigh

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard