CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-PR5J-P9P7-3C46
Vulnerability from github – Published: 2026-05-07 18:30 – Updated: 2026-05-07 21:30Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of the newly enrolled device identity.
{
"affected": [],
"aliases": [
"CVE-2026-7821"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-07T16:16:23Z",
"severity": "HIGH"
},
"details": "Improper certificate validation in Ivanti EPMM before\u00a0versions 12.6.1.1, 12.7.0.1, and 12.8.0.1\u00a0allows a remote unauthenticated attacker\u00a0to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and\u00a0impacting\u00a0on the integrity of the newly enrolled device identity.",
"id": "GHSA-pr5j-p9p7-3c46",
"modified": "2026-05-07T21:30:28Z",
"published": "2026-05-07T18:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7821"
},
{
"type": "WEB",
"url": "https://hub.ivanti.com/s/article/May-2026-Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-Multiple-CVEs?language=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PRCQ-52F8-FP44
Vulnerability from github – Published: 2022-05-17 05:19 – Updated: 2024-09-05 21:32Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "apache-libcloud"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.11.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2012-3446"
],
"database_specific": {
"cwe_ids": [
"CWE-185",
"CWE-20",
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-12T20:09:02Z",
"nvd_published_at": "2012-11-04T22:55:00Z",
"severity": "MODERATE"
},
"details": "Apache Libcloud before 0.11.1 uses an incorrect regular expression during verification of whether the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate.",
"id": "GHSA-prcq-52f8-fp44",
"modified": "2024-09-05T21:32:21Z",
"published": "2022-05-17T05:19:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3446"
},
{
"type": "WEB",
"url": "https://github.com/apache/libcloud/commit/f2af5502dae3ac63e656dd1b7d5f29cc82ded401"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/libcloud"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-libcloud/PYSEC-2012-12.yaml"
},
{
"type": "WEB",
"url": "https://svn.apache.org/repos/asf/libcloud/trunk/CHANGES"
},
{
"type": "WEB",
"url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Apache Libcloud vulnerable to certificate impersonation"
}
GHSA-PRPH-V9X5-8C8C
Vulnerability from github – Published: 2022-05-24 17:01 – Updated: 2022-05-24 17:01An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.
{
"affected": [],
"aliases": [
"CVE-2019-5102"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-18T18:15:00Z",
"severity": "MODERATE"
},
"details": "An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server\u0027s SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.",
"id": "GHSA-prph-v9x5-8c8c",
"modified": "2022-05-24T17:01:34Z",
"published": "2022-05-24T17:01:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5102"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2019-0893"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PRRP-66V5-646P
Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning.
{
"affected": [],
"aliases": [
"CVE-2024-47477"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-17T15:16:34Z",
"severity": "MODERATE"
},
"details": "Dell PowerFlex Manager, versions prior to 4.5.1.1, contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to man-in-the-middle attack in tandem with DNS cache poisoning.",
"id": "GHSA-prrp-66v5-646p",
"modified": "2026-06-17T18:35:55Z",
"published": "2026-06-17T18:35:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47477"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-us/000477538/dsa-2026-066-security-update-for-powerflex-software-multiple-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PRWP-RV3C-R8V8
Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2024-04-04 01:38The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registered abnormally, affecting the availability of IP phones.
{
"affected": [],
"aliases": [
"CVE-2019-5280"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-13T21:15:00Z",
"severity": "MODERATE"
},
"details": "The SIP TLS module of Huawei CloudLink Phone 7900 with V600R019C10 has a TLS certificate verification vulnerability. Due to insufficient verification of specific parameters of the TLS server certificate, attackers can perform man-in-the-middle attacks, leading to the affected phones registered abnormally, affecting the availability of IP phones.",
"id": "GHSA-prwp-rv3c-r8v8",
"modified": "2024-04-04T01:38:13Z",
"published": "2022-05-24T16:53:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5280"
},
{
"type": "WEB",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190724-01-7900-en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PRXJ-3GCV-CQRH
Vulnerability from github – Published: 2026-04-01 23:01 – Updated: 2026-04-01 23:01Summary
A vulnerability in vehicle authentication allows threat actor with valid client credentials (i.e., a private key and certificate from a rooted infotainment system) to impersonate arbitrary VINs when authenticating to the telemetry server.
Impact
The attacker would be able to submit falsified telemetry records for arbitrary VINs.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.8.0"
},
"package": {
"ecosystem": "Go",
"name": "github.com/teslamotors/fleet-telemetry"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.9.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-01T23:01:38Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\nA vulnerability in vehicle authentication allows threat actor with valid client credentials (i.e., a private key and certificate from a rooted infotainment system) to impersonate arbitrary VINs when authenticating to the telemetry server.\n\n### Impact\nThe attacker would be able to submit falsified telemetry records for arbitrary VINs.",
"id": "GHSA-prxj-3gcv-cqrh",
"modified": "2026-04-01T23:01:38Z",
"published": "2026-04-01T23:01:38Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/teslamotors/fleet-telemetry/security/advisories/GHSA-prxj-3gcv-cqrh"
},
{
"type": "WEB",
"url": "https://github.com/teslamotors/fleet-telemetry/commit/d5ca0dab55812029fd38eb77f079f74ce4f47286"
},
{
"type": "PACKAGE",
"url": "https://github.com/teslamotors/fleet-telemetry"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Tesla Fleet Telemetry allows spoofing telemetry for arbitrary vehicles via compromised vehicle credentials"
}
GHSA-PV39-R52P-8PVG
Vulnerability from github – Published: 2023-11-27 00:30 – Updated: 2023-11-30 21:30Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address.
{
"affected": [],
"aliases": [
"CVE-2023-49312"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-26T22:15:06Z",
"severity": "HIGH"
},
"details": "Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows an integrity violation in which the same license key is used on multiple systems, via vectors involving a Process Hacker memory dump, error message inspection, and modification of a MAC address.",
"id": "GHSA-pv39-r52p-8pvg",
"modified": "2023-11-30T21:30:29Z",
"published": "2023-11-27T00:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49312"
},
{
"type": "WEB",
"url": "https://precisionbridge.net/738vulnerability"
},
{
"type": "WEB",
"url": "https://processhacker.sourceforge.io/archive/website_v2/features.php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PV72-R6J5-C86M
Vulnerability from github – Published: 2025-02-21 03:31 – Updated: 2025-02-21 03:31Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server's certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack (MITM). An attacker could modify the server's response and deliver a malicious update to the user.
{
"affected": [],
"aliases": [
"CVE-2025-1001"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-21T01:15:09Z",
"severity": "MODERATE"
},
"details": "Medixant RadiAnt DICOM Viewer is vulnerable due to failure of the update mechanism to verify the update server\u0027s certificate which could allow an attacker to alter network traffic and carry out a machine-in-the-middle attack (MITM). An attacker could modify the server\u0027s response and deliver a malicious update to the user.",
"id": "GHSA-pv72-r6j5-c86m",
"modified": "2025-02-21T03:31:12Z",
"published": "2025-02-21T03:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1001"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-051-01"
},
{
"type": "WEB",
"url": "https://www.radiantviewer.com/files/RadiAnt-2025.1-Setup.exe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-PV7F-H3W8-W3JH
Vulnerability from github – Published: 2022-09-25 00:00 – Updated: 2023-07-21 18:30Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials.
{
"affected": [],
"aliases": [
"CVE-2021-45035"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-23T16:15:00Z",
"severity": "MODERATE"
},
"details": "Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user\u00b4s credentials.",
"id": "GHSA-pv7f-h3w8-w3jh",
"modified": "2023-07-21T18:30:36Z",
"published": "2022-09-25T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45035"
},
{
"type": "WEB",
"url": "https://doc.velneo.com/v/29/velneo/notas-de-la-version#verificacion-de-certificados"
},
{
"type": "WEB",
"url": "https://velneo.es/publicacion-de-incidencia-de-seguridad-en-cve-cve-2021-45035"
},
{
"type": "WEB",
"url": "https://www.incibe-cert.es/en/early-warning/security-advisories/velneo-vclient-improper-authentication"
},
{
"type": "WEB",
"url": "https://www.velneo.com/blog/nueva-revision-velneo-29-2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PVG2-M4MW-28JX
Vulnerability from github – Published: 2022-08-05 00:00 – Updated: 2022-08-11 00:00In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
{
"affected": [],
"aliases": [
"CVE-2022-34865"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-08-04T18:15:00Z",
"severity": "CRITICAL"
},
"details": "In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
"id": "GHSA-pvg2-m4mw-28jx",
"modified": "2022-08-11T00:00:31Z",
"published": "2022-08-05T00:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-34865"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K25046752"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.