CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1907 vulnerabilities reference this CWE, most recent first.
GHSA-Q537-77J4-XV6X
Vulnerability from github – Published: 2021-12-11 00:00 – Updated: 2021-12-15 00:01Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.
{
"affected": [],
"aliases": [
"CVE-2021-31747"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-10T19:15:00Z",
"severity": "MODERATE"
},
"details": "Missing SSL Certificate Validation issue exists in Pluck 4.7.15 in update_applet.php, which could lead to man-in-the-middle attacks.",
"id": "GHSA-q537-77j4-xv6x",
"modified": "2021-12-15T00:01:30Z",
"published": "2021-12-11T00:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31747"
},
{
"type": "WEB",
"url": "https://github.com/pluck-cms/pluck/issues/101"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q57H-78H9-M59J
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362.
{
"affected": [],
"aliases": [
"CVE-2021-27257"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-05T20:15:00Z",
"severity": "MODERATE"
},
"details": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R7800 firmware version 1.0.2.76. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via FTP. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-12362.",
"id": "GHSA-q57h-78h9-m59j",
"modified": "2022-05-24T17:43:47Z",
"published": "2022-05-24T17:43:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27257"
},
{
"type": "WEB",
"url": "https://kb.netgear.com/000062883/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Satellites-and-Extenders"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-264"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q5M9-8685-C94F
Vulnerability from github – Published: 2022-05-24 17:37 – Updated: 2022-05-24 17:37Ptarmigan before 0.2.3 lacks API token validation, e.g., an "if (token === apiToken) {return true;} return false;" code block.
{
"affected": [],
"aliases": [
"CVE-2019-16281"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-30T21:15:00Z",
"severity": "HIGH"
},
"details": "Ptarmigan before 0.2.3 lacks API token validation, e.g., an \"if (token === apiToken) {return true;} return false;\" code block.",
"id": "GHSA-q5m9-8685-c94f",
"modified": "2022-05-24T17:37:34Z",
"published": "2022-05-24T17:37:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16281"
},
{
"type": "WEB",
"url": "https://github.com/nayutaco/ptarmigan/commit/37fd8f9da3bab9d323ddd77f2fd20b6dde8bcf6c"
},
{
"type": "WEB",
"url": "https://github.com/nayutaco/ptarmigan/compare/v0.2.2...v0.2.3"
},
{
"type": "WEB",
"url": "https://github.com/nayutaco/ptarmigan/releases/tag/v0.2.3"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-Q5RR-6J45-R8GX
Vulnerability from github – Published: 2026-01-01 00:31 – Updated: 2026-01-01 00:31KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.
{
"affected": [],
"aliases": [
"CVE-2025-69412"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-01T00:15:40Z",
"severity": "LOW"
},
"details": "KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.",
"id": "GHSA-q5rr-6j45-r8gx",
"modified": "2026-01-01T00:31:26Z",
"published": "2026-01-01T00:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69412"
},
{
"type": "WEB",
"url": "https://github.com/KDE/messagelib/commit/01adef0482bb3d5c817433db5208620c84a992b3"
},
{
"type": "WEB",
"url": "https://developers.google.com/safe-browsing/v4"
},
{
"type": "WEB",
"url": "https://developers.google.com/safe-browsing/v4/lookup-api"
},
{
"type": "WEB",
"url": "https://github.com/KDE/messagelib/compare/v25.11.80...v25.11.90"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q5W9-M93H-R979
Vulnerability from github – Published: 2022-09-13 00:00 – Updated: 2022-09-16 00:00FreshService macOS Agent < 4.4.0 and FreshServce Linux Agent < 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service.
{
"affected": [],
"aliases": [
"CVE-2022-36173"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-12T21:15:00Z",
"severity": "HIGH"
},
"details": "FreshService macOS Agent \u003c 4.4.0 and FreshServce Linux Agent \u003c 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service.",
"id": "GHSA-q5w9-m93h-r979",
"modified": "2022-09-16T00:00:40Z",
"published": "2022-09-13T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36173"
},
{
"type": "WEB",
"url": "https://community.freshworks.com/product-updates/freshservice-release-notes-april-2022-23982#Security+updates:+Discovery+Probe+and+Discovery+Agent"
},
{
"type": "WEB",
"url": "https://public-exposure.inform.social/post/integrity-checking"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q5WF-J98C-FR46
Vulnerability from github – Published: 2024-02-07 18:30 – Updated: 2025-11-04 00:30IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977.
{
"affected": [],
"aliases": [
"CVE-2023-32330"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-07T17:15:08Z",
"severity": "HIGH"
},
"details": "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 uses insecure calls that could allow an attacker on the network to take control of the server. IBM X-Force ID: 254977.",
"id": "GHSA-q5wf-j98c-fr46",
"modified": "2025-11-04T00:30:46Z",
"published": "2024-02-07T18:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32330"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254977"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7106586"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Nov/0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q669-PQ4M-XJP2
Vulnerability from github – Published: 2022-05-14 03:16 – Updated: 2022-05-14 03:16The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2018-0591"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-05-14T13:29:00Z",
"severity": "MODERATE"
},
"details": "The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver 3.1.2 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-q669-pq4m-xjp2",
"modified": "2022-05-14T03:16:45Z",
"published": "2022-05-14T03:16:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0591"
},
{
"type": "WEB",
"url": "https://itunes.apple.com/us/app/kinepasu-apuridekantan-bian/id637453055?mt=8"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN83671755"
},
{
"type": "WEB",
"url": "https://play.google.com/store/apps/details?id=jp.tjoy.kinepass\u0026hl=en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q6CQ-M9GM-6Q2F
Vulnerability from github – Published: 2022-12-25 06:30 – Updated: 2024-10-23 18:34Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "slixmpp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-45197"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-30T17:12:05Z",
"nvd_published_at": "2022-12-25T05:15:00Z",
"severity": "HIGH"
},
"details": "Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.",
"id": "GHSA-q6cq-m9gm-6q2f",
"modified": "2024-10-23T18:34:22Z",
"published": "2022-12-25T06:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45197"
},
{
"type": "PACKAGE",
"url": "https://github.com/poezio/slixmpp"
},
{
"type": "WEB",
"url": "https://github.com/poezio/slixmpp/commits/master/slixmpp/xmlstream/xmlstream.py"
},
{
"type": "WEB",
"url": "https://github.com/poezio/slixmpp/tags"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/slixmpp/PYSEC-2022-43013.yaml"
},
{
"type": "WEB",
"url": "https://lab.louiz.org/poezio/slixmpp/-/commit/b60b1b985db928532f97c4f61d6fbc801f0aa7fa"
},
{
"type": "WEB",
"url": "https://lab.louiz.org/poezio/slixmpp/-/commits/master"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202305-07"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Slixmpp lacks SSL Certificate hostname validation in XMLStream"
}
GHSA-Q6H4-2HJC-M9FW
Vulnerability from github – Published: 2022-05-17 02:39 – Updated: 2025-04-20 03:39The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2017-9598"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-16T12:29:00Z",
"severity": "MODERATE"
},
"details": "The \"Morton Credit Union Mobile Banking\" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-q6h4-2hjc-m9fw",
"modified": "2025-04-20T03:39:14Z",
"published": "2022-05-17T02:39:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9598"
},
{
"type": "WEB",
"url": "https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
},
{
"type": "WEB",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q6PX-JJ9V-47WH
Vulnerability from github – Published: 2022-05-17 02:39 – Updated: 2025-04-20 03:39The "SVB Mobile" by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka svb-mobile/id796429885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2017-9594"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-16T12:29:00Z",
"severity": "MODERATE"
},
"details": "The \"SVB Mobile\" by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka svb-mobile/id796429885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-q6px-jj9v-47wh",
"modified": "2025-04-20T03:39:13Z",
"published": "2022-05-17T02:39:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9594"
},
{
"type": "WEB",
"url": "https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
},
{
"type": "WEB",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.