Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1903 vulnerabilities reference this CWE, most recent first.

GHSA-X38V-8Q6P-W65C

Vulnerability from github – Published: 2022-06-03 00:01 – Updated: 2024-03-27 15:30
VLAI
Details

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27782"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-06-02T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.",
  "id": "GHSA-x38v-8q6p-w65c",
  "modified": "2024-03-27T15:30:35Z",
  "published": "2022-06-03T00:01:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27782"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/1555796"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220609-0009"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2022/dsa-5197"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/03/20/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X3MP-WRFX-JWGF

Vulnerability from github – Published: 2022-05-14 01:54 – Updated: 2022-05-14 01:54
VLAI
Details

The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-15898"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-11T21:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction data.",
  "id": "GHSA-x3mp-wrfx-jwgf",
  "modified": "2022-05-14T01:54:34Z",
  "published": "2022-05-14T01:54:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-15898"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/149267/Subsonic-Music-Streamer-4.4-For-Android-Improper-Certificate-Validation.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2018/Sep/6"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X3VM-975Q-MG2X

Vulnerability from github – Published: 2022-05-17 01:38 – Updated: 2024-02-14 18:30
VLAI
Details

The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python urllib2 library.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2012-5822"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2012-11-04T22:55:00Z",
    "severity": "MODERATE"
  },
  "details": "The contribution feature in Zamboni does not verify that the server hostname matches a domain name in the subject\u0027s Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to use of the Python urllib2 library.",
  "id": "GHSA-x3vm-975q-mg2x",
  "modified": "2024-02-14T18:30:24Z",
  "published": "2022-05-17T01:38:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5822"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79929"
    },
    {
      "type": "WEB",
      "url": "http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X3VR-472G-GMXM

Vulnerability from github – Published: 2024-02-07 18:30 – Updated: 2025-11-04 00:30
VLAI
Details

IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43017"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-07T17:15:09Z",
    "severity": "HIGH"
  },
  "details": "IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access.  IBM X-Force ID:  266155.",
  "id": "GHSA-x3vr-472g-gmxm",
  "modified": "2025-11-04T00:30:46Z",
  "published": "2024-02-07T18:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43017"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/266155"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7106586"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Nov/0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X3XW-JP2M-77MV

Vulnerability from github – Published: 2024-09-10 15:31 – Updated: 2024-09-10 15:31
VLAI
Details

AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11, FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31489"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-10T15:15:15Z",
    "severity": "MODERATE"
  },
  "details": "AAn improper certificate validation vulnerability [CWE-295] in FortiClientWindows 7.2.0 through 7.2.2, 7.0.0 through 7.0.11,  FortiClientLinux 7.2.0, 7.0.0 through 7.0.11 and FortiClientMac 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the communication channel between the FortiGate and the FortiClient during the ZTNA tunnel creation",
  "id": "GHSA-x3xw-jp2m-77mv",
  "modified": "2024-09-10T15:31:05Z",
  "published": "2024-09-10T15:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31489"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X45J-4G47-7HXX

Vulnerability from github – Published: 2022-05-13 01:12 – Updated: 2022-05-13 01:12
VLAI
Details

Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-11747"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-21T16:00:00Z",
    "severity": "CRITICAL"
  },
  "details": "Previously, Puppet Discovery was shipped with a default generated TLS certificate in the nginx container. In version 1.4.0, a unique certificate will be generated on installation or the user will be able to provide their own TLS certificate for ingress.",
  "id": "GHSA-x45j-4g47-7hxx",
  "modified": "2022-05-13T01:12:18Z",
  "published": "2022-05-13T01:12:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11747"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://puppet.com/security/cve/CVE-2018-11747"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X47W-FX67-QH3W

Vulnerability from github – Published: 2022-09-02 00:01 – Updated: 2022-09-08 00:00
VLAI
Details

An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1632"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-09-01T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.",
  "id": "GHSA-x47w-fx67-qh3w",
  "modified": "2022-09-08T00:00:29Z",
  "published": "2022-09-02T00:01:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1632"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/cve-2022-1632"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2081181"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X4MP-4V4C-7JXP

Vulnerability from github – Published: 2022-05-17 03:17 – Updated: 2022-05-17 03:17
VLAI
Details

NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-7171"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-05T18:59:00Z",
    "severity": "MODERATE"
  },
  "details": "NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use of a non-unique server certificate, making it vulnerable to impersonation.",
  "id": "GHSA-x4mp-4v4c-7jxp",
  "modified": "2022-05-17T03:17:54Z",
  "published": "2022-05-17T03:17:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7171"
    },
    {
      "type": "WEB",
      "url": "https://kb.netapp.com/support/s/article/NTAP-20161129-0001"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94659"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037391"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X52G-MPQC-54V5

Vulnerability from github – Published: 2022-05-24 19:09 – Updated: 2022-05-24 19:09
VLAI
Details

Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-12681"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-26T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied.",
  "id": "GHSA-x52g-mpqc-54v5",
  "modified": "2022-05-24T19:09:14Z",
  "published": "2022-05-24T19:09:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12681"
    },
    {
      "type": "WEB",
      "url": "https://www.3xlogic.com/products/access-control/infinias-ethernet-enabled-integrated-door-controller-eidc"
    },
    {
      "type": "WEB",
      "url": "https://www.3xlogic.com/sites/www.3xlogic.com/files/media/2020-08/INF_RN_infinias_eIDC32_V3.9_Firmware%20Release_08142020.pdf"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X5C7-H5CC-RHVJ

Vulnerability from github – Published: 2026-04-03 21:31 – Updated: 2026-04-03 21:31
VLAI
Details

Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena.

To remediate this issue, users should upgrade to version 2.1.0.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-35560"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-03T21:17:12Z",
    "severity": "CRITICAL"
  },
  "details": "Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena.\n\nTo remediate this issue, users should upgrade to version 2.1.0.0.",
  "id": "GHSA-x5c7-h5cc-rhvj",
  "modified": "2026-04-03T21:31:43Z",
  "published": "2026-04-03T21:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35560"
    },
    {
      "type": "WEB",
      "url": "https://aws.amazon.com/security/security-bulletins/2026-013-aws"
    },
    {
      "type": "WEB",
      "url": "https://docs.aws.amazon.com/athena/latest/ug/odbc-v2-driver-release-notes.html"
    },
    {
      "type": "WEB",
      "url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Linux/AmazonAthenaODBC-2.1.0.0.rpm"
    },
    {
      "type": "WEB",
      "url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/Intel/AmazonAthenaODBC-2.1.0.0_x86.pkg"
    },
    {
      "type": "WEB",
      "url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Mac/arm/AmazonAthenaODBC-2.1.0.0_arm.pkg"
    },
    {
      "type": "WEB",
      "url": "https://downloads.athena.us-east-1.amazonaws.com/drivers/ODBC/v2.1.0.0/Windows/AmazonAthenaODBC-2.1.0.0.msi"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.