CWE-299: Improper Check for Certificate Revocation

Description

The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Extended Description

An improper check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is almost certainly malicious. The most common reason for certificate revocation is compromise of the system in question, with the result that no legitimate servers will be using a revoked certificate, unless they are sorely out of sync.

Example Vulnerable Codes

Example - 1

The following OpenSSL code ensures that there is a certificate before continuing execution.


// // got a certificate, do secret things// 
if (cert = SSL_get_peer_certificate(ssl)) {

Because this code does not use SSL_get_verify_results() to check the certificate, it could accept certificates that have been revoked (X509_V_ERR_CERT_REVOKED). The product could be communicating with a malicious host.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-295: Improper Certificate Validation
Go to
CWE-370: Missing Check for Certificate Revocation after Initial Check
Go to
CWE-404: Improper Resource Shutdown or Release
Go to

Visit http://cwe.mitre.org/ for more details.