Common Weakness Enumeration

CWE-296

Improper Following of a Certificate's Chain of Trust

The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate.

Mitigation

Phase: Architecture and Design

Description:

  • Ensure that proper certificate checking is included in the system design.

Mitigation

Phase: Implementation

Description:

  • Understand, and properly implement, all checks necessary to ensure the integrity of the certificate's chain of trust: that each certificate is signed by the next one in the chain, that each issuer is a CA permitted to sign it, and that the chain terminates at a root the verifier itself trusts rather than one supplied by the peer.

Mitigation

Phase: Implementation

Description:

  • If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the full chain of trust; a pin recorded from an unvalidated certificate locks in whatever the peer happened to present.

No CAPEC attack patterns related to this CWE.
