CWE-298 - Improper Validation of Certificate Expiration

CWE-298 Low

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Improper Validation of Certificate Expiration

Description: A certificate expiration is not validated or is incorrectly validated, so trust may be assigned to certificates that have been abandoned due to age.
When the expiration of a certificate is not taken into account, no trust has necessarily been conveyed through it. Therefore, the validity of the certificate cannot be verified and all benefit of the certificate is lost.

Common Consequences: Scope: Integrity, Other
Impact: Other
Notes: The data read from the system vouched for by the expired certificate may be flawed due to malicious spoofing.
Scope: Authentication, Other
Impact: Other
Notes: Trust afforded to the system in question - based on the expired certificate - may allow for spoofing attacks.

Related Weaknesses

CWE-672Operation on a Resource after Expiration or Release

CWE-295Improper Certificate Validation

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard