CWE-299
Improper Check for Certificate Revocation
The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.
Mitigation
Phase: Architecture and Design
Description:
- Ensure that certificates are checked for revoked status.
Mitigation
Phase: Implementation
Description:
- If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the revoked status.
No CAPEC attack patterns related to this CWE.