CWE-299 - Improper Check for Certificate Revocation
CWE-299 Medium
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Draft
- Weakness Name
Improper Check for Certificate Revocation
- Description
The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.
An improper check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is almost certainly malicious. The most common reason for certificate revocation is compromise of the system in question, with the result that no legitimate servers will be using a revoked certificate, unless they are sorely out of sync.
- Common Consequences
Scope: Access Control
Impact: Gain Privileges or Assume Identity
Notes: Trust may be assigned to an entity who is not who it claims to be.
Scope: Integrity, Other
Impact: Other
Notes: Data from an untrusted (and possibly malicious) source may be integrated.
Scope: Confidentiality
Impact: Read Application Data
Notes: Data may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure.
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2023-06-29
Free security scan for your website