CWE-295: Improper Certificate Validation

Description

The product does not validate, or incorrectly validates, a certificate.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Extended Description

When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting spoofed data that appears to originate from a trusted host.

Example Vulnerable Codes

Example - 1

This code checks the certificate of a connected peer.

foo=SSL_get_verify_result(ssl);

// // certificate looks good, host can be trusted// 
if ((cert = SSL_get_peer_certificate(ssl)) && host)if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo))

In this case, because the certificate is self-signed, there was no external authority that could prove the identity of the host. The program could be communicating with a different system that is spoofing the host, e.g. by poisoning the DNS cache or using an Adversary-in-the-Middle (AITM) attack to modify the traffic from server to client.

Example - 2

The following OpenSSL code obtains a certificate and verifies it.



// // do secret things// 
cert = SSL_get_peer_certificate(ssl);if (cert && (SSL_get_verify_result(ssl)==X509_V_OK)) {}

Even though the "verify" step returns X509_V_OK, this step does not include checking the Common Name against the name of the host. That is, there is no guarantee that the certificate is for the desired host. The SSL connection could have been established with a malicious host that provided a valid certificate.

Example - 3

The following OpenSSL code ensures that there is a certificate and allows the use of expired certificates.



// //do stuff// 
foo=SSL_get_verify_result(ssl);if ((X509_V_OK==foo) || (X509_V_ERR_CERT_HAS_EXPIRED==foo))if (cert = SSL_get_peer(certificate(ssl)) {

If the call to SSL_get_verify_result() returns X509_V_ERR_CERT_HAS_EXPIRED, this means that the certificate has expired. As time goes on, there is an increasing chance for attackers to compromise the certificate.

Example - 4

The following OpenSSL code ensures that there is a certificate before continuing execution.


// // got a certificate, do secret things// 
if (cert = SSL_get_peer_certificate(ssl)) {

Because this code does not use SSL_get_verify_results() to check the certificate, it could accept certificates that have been revoked (X509_V_ERR_CERT_REVOKED). The software could be communicating with a malicious host.

Example - 5

The following OpenSSL code ensures that the host has a certificate.


// // got certificate, host can be trusted// 
// //foo=SSL_get_verify_result(ssl);// 
// //if (X509_V_OK==foo) ...// 
if (cert = SSL_get_peer_certificate(ssl)) {}

Note that the code does not call SSL_get_verify_result(ssl), which effectively disables the validation step that checks the certificate.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-287: Improper Authentication
Go to
CWE-296: Improper Following of a Certificate's Chain of Trust
Go to
CWE-297: Improper Validation of Certificate with Host Mismatch
Go to
CWE-298: Improper Validation of Certificate Expiration
Go to
CWE-299: Improper Check for Certificate Revocation
Go to
CWE-322: Key Exchange without Entity Authentication
Go to
CWE-599: Missing Validation of OpenSSL Certificate
Go to

Visit http://cwe.mitre.org/ for more details.