CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1903 vulnerabilities reference this CWE, most recent first.
GHSA-XRG3-35MW-8RHG
Vulnerability from github – Published: 2022-07-22 00:00 – Updated: 2022-07-28 00:00A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager (DCNM) controllers. An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers, and then using a crafted certificate to impersonate the controllers. A successful exploit could allow the attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers.
{
"affected": [],
"aliases": [
"CVE-2022-20860"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-07-21T04:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. This vulnerability exists because SSL server certificates are not validated when Cisco Nexus Dashboard is establishing a connection to Cisco Application Policy Infrastructure Controller (APIC), Cisco Cloud APIC, or Cisco Nexus Dashboard Fabric Controller, formerly Data Center Network Manager (DCNM) controllers. An attacker could exploit this vulnerability by using man-in-the-middle techniques to intercept the traffic between the affected device and the controllers, and then using a crafted certificate to impersonate the controllers. A successful exploit could allow the attacker to alter communications between devices or view sensitive information, including Administrator credentials for these controllers.",
"id": "GHSA-xrg3-35mw-8rhg",
"modified": "2022-07-28T00:00:41Z",
"published": "2022-07-22T00:00:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20860"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nd-tlsvld-TbAQLp3N"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XRPW-625W-CPV3
Vulnerability from github – Published: 2022-05-24 16:55 – Updated: 2024-04-04 01:52Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim?s data in transit.
{
"affected": [],
"aliases": [
"CVE-2019-3751"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-09-03T17:15:00Z",
"severity": "HIGH"
},
"details": "Dell EMC Enterprise Copy Data Management (eCDM) versions 1.0, 1.1, 2.0, 2.1, and 3.0 contain a certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim\u0027s traffic to view or modify a victim?s data in transit.",
"id": "GHSA-xrpw-625w-cpv3",
"modified": "2024-04-04T01:52:38Z",
"published": "2022-05-24T16:55:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3751"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/security/en-us/details/536848/DSA-2019-118-Dell-EMC-Enterprise-Copy-Data-Management-eCDM-Improper-Certificate-Validation-Vuln"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XV64-WPFR-X2M3
Vulnerability from github – Published: 2022-05-14 03:47 – Updated: 2022-05-14 03:47The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a "SMACK SKIP-TLS" issue.
{
"affected": [],
"aliases": [
"CVE-2015-2318"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-08T19:29:00Z",
"severity": "HIGH"
},
"details": "The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a \"SMACK SKIP-TLS\" issue.",
"id": "GHSA-xv64-wpfr-x2m3",
"modified": "2022-05-14T03:47:43Z",
"published": "2022-05-14T03:47:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2318"
},
{
"type": "WEB",
"url": "https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869"
},
{
"type": "WEB",
"url": "https://mitls.org/pages/attacks/SMACK#skip"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2015/dsa-3202"
},
{
"type": "WEB",
"url": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/03/17/9"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/73253"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2547-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XVCH-R4WF-H8W9
Vulnerability from github – Published: 2018-11-21 22:22 – Updated: 2024-03-04 21:32The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the 'transport.ssl(...)' methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.29.0"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.qpid:proton-j"
},
"ranges": [
{
"events": [
{
"introduced": "0.3"
},
{
"fixed": "0.30.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-17187"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T22:04:36Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "The Apache Qpid Proton-J transport includes an optional wrapper layer to perform TLS, enabled by use of the \u0027transport.ssl(...)\u0027 methods. Unless a verification mode was explicitly configured, client and server modes previously defaulted as documented to not verifying a peer certificate, with options to configure this explicitly or select a certificate verification mode with or without hostname verification being performed. The latter hostname verifying mode was not implemented in Apache Qpid Proton-J versions 0.3 to 0.29.0, with attempts to use it resulting in an exception. This left only the option to verify the certificate is trusted, leaving such a client vulnerable to Man In The Middle (MITM) attack. Uses of the Proton-J protocol engine which do not utilise the optional transport TLS wrapper are not impacted, e.g. usage within Qpid JMS. Uses of Proton-J utilising the optional transport TLS wrapper layer that wish to enable hostname verification must be upgraded to version 0.30.0 or later and utilise the VerifyMode#VERIFY_PEER_NAME configuration, which is now the default for client mode usage unless configured otherwise.",
"id": "GHSA-xvch-r4wf-h8w9",
"modified": "2024-03-04T21:32:08Z",
"published": "2018-11-21T22:22:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17187"
},
{
"type": "WEB",
"url": "https://github.com/apache/qpid-proton-j/commit/0cb8ca03cec42120dcfc434561592d89a89a805e"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-xvch-r4wf-h8w9"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/PROTON-1962"
},
{
"type": "WEB",
"url": "https://mail-archives.apache.org/mod_mbox/qpid-users/201811.mbox/%3CCAFitrpQSV73Vz7rJYfLJK7gvEymZSCR5ooWUeU8j4jzRydk-eg%40mail.gmail.com%3E"
},
{
"type": "WEB",
"url": "https://qpid.apache.org/cves/CVE-2018-17187.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/105935"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Certificate Validation in proton-j"
}
GHSA-XVFC-W3VV-PGJP
Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-04-04 01:32In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).
{
"affected": [],
"aliases": [
"CVE-2017-18479"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-05T13:15:00Z",
"severity": "MODERATE"
},
"details": "In cPanel before 62.0.4, WHM SSL certificate generation uses an unreserved e-mail address (SEC-209).",
"id": "GHSA-xvfc-w3vv-pgjp",
"modified": "2024-04-04T01:32:52Z",
"published": "2022-05-24T16:52:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18479"
},
{
"type": "WEB",
"url": "https://documentation.cpanel.net/display/CL/62+Change+Log"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XVFG-5FQF-M93J
Vulnerability from github – Published: 2022-02-11 00:00 – Updated: 2022-03-17 00:05A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)
{
"affected": [],
"aliases": [
"CVE-2022-24319"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-09T23:15:00Z",
"severity": "MODERATE"
},
"details": "A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-theMiddle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions)",
"id": "GHSA-xvfg-5fqf-m93j",
"modified": "2022-03-17T00:05:45Z",
"published": "2022-02-11T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24319"
},
{
"type": "WEB",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05"
},
{
"type": "WEB",
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0018/MNDT-2022-0018.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XVFQ-F68M-7MWG
Vulnerability from github – Published: 2022-05-24 17:16 – Updated: 2024-04-04 02:50In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process does not validate the validity of the certificate presented by the server.
{
"affected": [],
"aliases": [
"CVE-2020-11806"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-23T15:15:00Z",
"severity": "MODERATE"
},
"details": "In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process does not validate the validity of the certificate presented by the server.",
"id": "GHSA-xvfq-f68m-7mwg",
"modified": "2024-04-04T02:50:04Z",
"published": "2022-05-24T17:16:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11806"
},
{
"type": "WEB",
"url": "https://help.mailstore.com/security/MAILSTORE-SA-2020-01.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XVV8-8WH9-9FH2
Vulnerability from github – Published: 2022-05-13 01:34 – Updated: 2023-10-06 17:25It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-saml-adapter-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.4.0.Final"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.4.0.Final"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-10894"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-21T21:34:55Z",
"nvd_published_at": "2018-08-01T17:29:00Z",
"severity": "MODERATE"
},
"details": "It was found that SAML authentication in Keycloak 3.4.3.Final incorrectly authenticated expired certificates. A malicious user could use this to access unauthorized data or possibly conduct further attacks.",
"id": "GHSA-xvv8-8wh9-9fh2",
"modified": "2023-10-06T17:25:01Z",
"published": "2022-05-13T01:34:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10894"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/812e76c39b1e693e8f11e5549cca2c90631f372e"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3592"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3593"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3595"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:0877"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10894"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Keycloak Authentication Error"
}
GHSA-XVX4-V362-295F
Vulnerability from github – Published: 2024-11-14 12:31 – Updated: 2025-10-01 21:30An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you "Allow Authentication with User Credentials OR Client Certificate."
{
"affected": [],
"aliases": [
"CVE-2024-5918"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-14T10:15:08Z",
"severity": "MODERATE"
},
"details": "An improper certificate validation vulnerability in Palo Alto Networks PAN-OS software enables an authorized user with a specially crafted client certificate to connect to an impacted GlobalProtect portal or GlobalProtect gateway as a different legitimate user. This attack is possible only if you \"Allow Authentication with User Credentials OR Client Certificate.\"",
"id": "GHSA-xvx4-v362-295f",
"modified": "2025-10-01T21:30:34Z",
"published": "2024-11-14T12:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5918"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2024-5918"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:C/RE:M/U:Amber",
"type": "CVSS_V4"
}
]
}
GHSA-XWHX-6G69-79WC
Vulnerability from github – Published: 2021-12-14 00:00 – Updated: 2021-12-16 00:02The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.
{
"affected": [],
"aliases": [
"CVE-2020-4496"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-13T19:15:00Z",
"severity": "MODERATE"
},
"details": "The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.",
"id": "GHSA-xwhx-6g69-79wc",
"modified": "2021-12-16T00:02:39Z",
"published": "2021-12-14T00:00:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-4496"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/182046"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/6525346"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.