CWE-370: Missing Check for Certificate Revocation after Initial Check

Description

The product does not check the revocation status of a certificate after its initial revocation check, which can cause the product to perform privileged actions even after the certificate is revoked at a later time.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Extended Description

If the revocation status of a certificate is not checked before each action that requires privileges, the system may be subject to a race condition. If a certificate is revoked after the initial check, all subsequent actions taken with the owner of the revoked certificate will lose all benefits guaranteed by the certificate. In fact, it is almost certain that the use of a revoked certificate indicates malicious activity.

Example Vulnerable Codes

Example - 1

The following code checks a certificate before performing an action.



// //do stuff// 
// //do more stuff without the check.// 
foo=SSL_get_verify_result(ssl);foo=SSL_get_verify_result(ssl);if (X509_V_OK==foo)if (cert = SSL_get_peer_certificate(ssl)) {

While the code performs the certificate verification before each action, it does not check the result of the verification after the initial attempt. The certificate may have been revoked in the time between the privileged actions.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-296: Improper Following of a Certificate's Chain of Trust
Go to
CWE-297: Improper Validation of Certificate with Host Mismatch
Go to
CWE-298: Improper Validation of Certificate Expiration
Go to
CWE-299: Improper Check for Certificate Revocation
Go to

Visit http://cwe.mitre.org/ for more details.