CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1906 vulnerabilities reference this CWE, most recent first.
GHSA-Q89F-427X-5P67
Vulnerability from github – Published: 2026-06-10 15:31 – Updated: 2026-06-10 15:31Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted
{
"affected": [],
"aliases": [
"CVE-2026-9758"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-10T14:16:37Z",
"severity": "HIGH"
},
"details": "Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted",
"id": "GHSA-q89f-427x-5p67",
"modified": "2026-06-10T15:31:32Z",
"published": "2026-06-10T15:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9758"
},
{
"type": "WEB",
"url": "https://gitlab.com/systerel/S2OPC/-/work_items/1770"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-Q94C-7F46-5326
Vulnerability from github – Published: 2022-05-17 01:44 – Updated: 2024-02-14 18:30Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.
{
"affected": [],
"aliases": [
"CVE-2012-2993"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-09-18T03:48:00Z",
"severity": "LOW"
},
"details": "Microsoft Windows Phone 7 does not verify the domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate.",
"id": "GHSA-q94c-7f46-5326",
"modified": "2024-02-14T18:30:24Z",
"published": "2022-05-17T01:44:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2993"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78620"
},
{
"type": "WEB",
"url": "http://osvdb.org/85619"
},
{
"type": "WEB",
"url": "http://www.kb.cert.org/vuls/id/389795"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/55569"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1027541"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q9F5-MQV7-56MH
Vulnerability from github – Published: 2022-07-19 00:00 – Updated: 2022-07-26 00:01A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks.
{
"affected": [],
"aliases": [
"CVE-2021-22131"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-18T18:15:00Z",
"severity": "MODERATE"
},
"details": "A improper validation of certificate with host mismatch in Fortinet FortiTokenAndroid version 5.0.3 and below, Fortinet FortiTokeniOS version 5.2.0 and below, Fortinet FortiTokenWinApp version 4.0.3 and below allows attacker to retrieve information disclosed via man-in-the-middle attacks.",
"id": "GHSA-q9f5-mqv7-56mh",
"modified": "2022-07-26T00:01:06Z",
"published": "2022-07-19T00:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22131"
},
{
"type": "WEB",
"url": "https://fortiguard.com/advisory/FG-IR-21-024"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q9MP-79CP-9G8J
Vulnerability from github – Published: 2021-09-02 22:00 – Updated: 2021-08-02 22:18Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/traefik/traefik/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-20894"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-02T22:18:22Z",
"nvd_published_at": "2020-07-02T16:15:00Z",
"severity": "HIGH"
},
"details": "Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.",
"id": "GHSA-q9mp-79cp-9g8j",
"modified": "2021-08-02T22:18:22Z",
"published": "2021-09-02T22:00:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20894"
},
{
"type": "WEB",
"url": "https://github.com/containous/traefik/issues/5312"
},
{
"type": "WEB",
"url": "https://github.com/containous/traefik/pull/7008"
},
{
"type": "WEB",
"url": "https://github.com/containous/traefik/commit/2b353971696717e980521b0e4baa1eba66c8d2bf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Authentication"
}
GHSA-QC5F-CP74-F849
Vulnerability from github – Published: 2023-05-03 21:30 – Updated: 2024-04-04 03:47IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.
{
"affected": [],
"aliases": [
"CVE-2022-39161"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-03T20:15:09Z",
"severity": "MODERATE"
},
"details": "IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069.",
"id": "GHSA-qc5f-cp74-f849",
"modified": "2024-04-04T03:47:15Z",
"published": "2023-05-03T21:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39161"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/235069"
},
{
"type": "WEB",
"url": "https://https://www.ibm.com/support/pages/node/6987779"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6987779"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QCGF-5889-9273
Vulnerability from github – Published: 2022-05-14 03:27 – Updated: 2022-05-14 03:27An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the "Security" component. It allows remote attackers to spoof certificate validation via crafted name constraints.
{
"affected": [],
"aliases": [
"CVE-2018-4086"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-03T06:29:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in certain Apple products. iOS before 11.2.5 is affected. macOS before 10.13.3 is affected. tvOS before 11.2.5 is affected. watchOS before 4.2.2 is affected. The issue involves the \"Security\" component. It allows remote attackers to spoof certificate validation via crafted name constraints.",
"id": "GHSA-qcgf-5889-9273",
"modified": "2022-05-14T03:27:11Z",
"published": "2022-05-14T03:27:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4086"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208462"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208463"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208464"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208465"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/102782"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040265"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040267"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QF34-J4VQ-Q329
Vulnerability from github – Published: 2021-12-15 00:01 – Updated: 2021-12-21 00:01A vulnerability has been identified in SINUMERIK Edge (All versions < V3.2). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server.
{
"affected": [],
"aliases": [
"CVE-2021-42027"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-14T12:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SINUMERIK Edge (All versions \u003c V3.2). The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server.",
"id": "GHSA-qf34-j4vq-q329",
"modified": "2021-12-21T00:01:29Z",
"published": "2021-12-15T00:01:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42027"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523250.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-QF3V-HHP7-RFH5
Vulnerability from github – Published: 2022-05-17 00:25 – Updated: 2022-05-17 00:25The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates.
{
"affected": [],
"aliases": [
"CVE-2014-7242"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-18T14:29:00Z",
"severity": "MODERATE"
},
"details": "The SumaHo application 3.0.0 and earlier for Android and the SumaHo \"driving capability\" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify SSL/TLS server certificates.",
"id": "GHSA-qf3v-hhp7-rfh5",
"modified": "2022-05-17T00:25:35Z",
"published": "2022-05-17T00:25:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7242"
},
{
"type": "WEB",
"url": "http://jvn.jp/en/jp/JVN27388160/index.html"
},
{
"type": "WEB",
"url": "http://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000125.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QF7M-FMFH-9C8V
Vulnerability from github – Published: 2023-01-27 06:30 – Updated: 2023-02-06 21:30In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.
{
"affected": [],
"aliases": [
"CVE-2020-36658"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-27T05:15:00Z",
"severity": "HIGH"
},
"details": "In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix.",
"id": "GHSA-qf7m-fmfh-9c8v",
"modified": "2023-02-06T21:30:33Z",
"published": "2023-01-27T06:30:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36658"
},
{
"type": "WEB",
"url": "https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00024.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-QF8X-VQJV-92GR
Vulnerability from github – Published: 2022-05-04 18:59 – Updated: 2022-06-02 17:39Impact
Weak validation of the Apple certificate URL in the Apple Game Center authentication adapter allows to bypass authentication and makes the server vulnerable to DoS attacks.
Patches
The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.10.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "parse-server"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24901"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-04T18:59:46Z",
"nvd_published_at": "2022-05-04T01:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\nWeak validation of the Apple certificate URL in the Apple Game Center authentication adapter allows to bypass authentication and makes the server vulnerable to DoS attacks.\n\n### Patches\nThe vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it.",
"id": "GHSA-qf8x-vqjv-92gr",
"modified": "2022-06-02T17:39:42Z",
"published": "2022-05-04T18:59:46Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-qf8x-vqjv-92gr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24901"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server/commit/af4a0417a9f3c1e99b3793806b4b18e04d9fa999"
},
{
"type": "WEB",
"url": "https://github.com/parse-community/parse-server"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter "
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.