Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1908 vulnerabilities reference this CWE, most recent first.

GHSA-G788-M4V3-47C7

Vulnerability from github – Published: 2024-08-14 18:32 – Updated: 2024-08-14 18:32
VLAI
Details

IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-50315"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-14T17:15:14Z",
    "severity": "MODERATE"
  },
  "details": "IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks.  An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information.  IBM X-Force ID:  274714.",
  "id": "GHSA-g788-m4v3-47c7",
  "modified": "2024-08-14T18:32:41Z",
  "published": "2024-08-14T18:32:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50315"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/274714"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7165511"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G7JV-PWGR-PP8C

Vulnerability from github – Published: 2022-05-17 00:34 – Updated: 2025-04-20 03:46
VLAI
Details

The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-14582"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-30T01:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate.",
  "id": "GHSA-g7jv-pwgr-pp8c",
  "modified": "2025-04-20T03:46:06Z",
  "published": "2022-05-17T00:34:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14582"
    },
    {
      "type": "WEB",
      "url": "https://wwws.nightwatchcybersecurity.com/2017/09/27/zoho-site24x7-mobile-network-poller-for-android-didnt-properly-validate-ssl-cve-2017-14582"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101091"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G7PG-WJ9C-H3J9

Vulnerability from github – Published: 2022-05-17 00:26 – Updated: 2022-05-17 00:26
VLAI
Details

ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-3706"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-18T14:29:00Z",
    "severity": "MODERATE"
  },
  "details": "ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.",
  "id": "GHSA-g7pg-wj9c-h3j9",
  "modified": "2022-05-17T00:26:05Z",
  "published": "2022-05-17T00:26:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3706"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154977"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101507"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G7VG-V5MG-XQVV

Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2024-04-04 02:37
VLAI
Details

European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-18632"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-10-30T22:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate.",
  "id": "GHSA-g7vg-v5mg-xqvv",
  "modified": "2024-04-04T02:37:08Z",
  "published": "2022-05-24T17:00:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18632"
    },
    {
      "type": "WEB",
      "url": "https://sec-consult.com/en/blog/advisories/15587"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G8R3-5HWF-QP96

Vulnerability from github – Published: 2026-05-08 23:47 – Updated: 2026-06-08 23:34
VLAI
Summary
epa4all-client has a VAU Signature bypass
Details

Impact

In SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify(). The method performs certificate chain validation, OCSP check, and signature algorithm setup, but never checks whether the signature actually matches. For any structurally valid signature, it returns true.

Patches

Patched in #34.

Workarounds

None.

Resources

Credits

Machine Spirits (contact@machinespirits.de) - Dr. rer. nat. Simon Weber - Dipl.-Inf. Volker Schönefeld - Chiara Fliegner

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.2.0"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.oviva.telematik:epa4all-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-44900"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-08T23:47:12Z",
    "nvd_published_at": "2026-05-26T22:16:42Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nIn SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify(). The method performs certificate chain validation, OCSP check, and signature algorithm setup, but never checks whether the signature actually matches. For any structurally valid signature, it returns true.\n\n### Patches\nPatched in [#34](https://github.com/oviva-ag/epa4all-client/pull/34).\n\n### Workarounds\nNone.\n\n### Resources\n- [MS-OVIVA-EPA4ALL-d76aec](https://www.machinespirits.com/advisory/d76aec/)\n\n### Credits\n\n[Machine Spirits](https://machinespirits.com) (contact@machinespirits.de)\n- Dr. rer. nat. Simon Weber\n- Dipl.-Inf. Volker Sch\u00f6nefeld\n- Chiara Fliegner",
  "id": "GHSA-g8r3-5hwf-qp96",
  "modified": "2026-06-08T23:34:59Z",
  "published": "2026-05-08T23:47:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/oviva-ag/epa4all-client/security/advisories/GHSA-g8r3-5hwf-qp96"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44900"
    },
    {
      "type": "WEB",
      "url": "https://github.com/oviva-ag/epa4all-client/pull/34"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/oviva-ag/epa4all-client"
    },
    {
      "type": "WEB",
      "url": "https://www.machinespirits.com/advisory/d76aec"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "epa4all-client has a VAU Signature bypass"
}

GHSA-G8RC-WR59-QX7H

Vulnerability from github – Published: 2025-11-10 15:31 – Updated: 2025-11-10 15:31
VLAI
Details

In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-64685"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-10T14:15:44Z",
    "severity": "HIGH"
  },
  "details": "In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure",
  "id": "GHSA-g8rc-wr59-qx7h",
  "modified": "2025-11-10T15:31:05Z",
  "published": "2025-11-10T15:31:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64685"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G927-7PJF-R6QV

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2025-04-20 03:37
VLAI
Details

The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8939"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-15T18:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
  "id": "GHSA-g927-7pjf-r6qv",
  "modified": "2025-04-20T03:37:44Z",
  "published": "2022-05-13T01:06:06Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8939"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G997-QV67-C7V6

Vulnerability from github – Published: 2026-02-17 18:32 – Updated: 2026-02-17 18:32
VLAI
Details

An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to execute commands as root.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-65753"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-17T16:20:24Z",
    "severity": "CRITICAL"
  },
  "details": "An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to execute commands as root.",
  "id": "GHSA-g997-qv67-c7v6",
  "modified": "2026-02-17T18:32:56Z",
  "published": "2026-02-17T18:32:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65753"
    },
    {
      "type": "WEB",
      "url": "https://github.com/diegovargasj/CVE-2025-65753"
    },
    {
      "type": "WEB",
      "url": "http://gryphon.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G9VX-QCQW-WCPX

Vulnerability from github – Published: 2023-02-13 03:30 – Updated: 2025-03-21 21:31
VLAI
Details

Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-22367"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-13T02:21:00Z",
    "severity": "MODERATE"
  },
  "details": "Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.",
  "id": "GHSA-g9vx-qcqw-wcpx",
  "modified": "2025-03-21T21:31:31Z",
  "published": "2023-02-13T03:30:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22367"
    },
    {
      "type": "WEB",
      "url": "https://apps.apple.com/jp/app/%E4%B8%80%E8%98%AD%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1118806170"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN11257333"
    },
    {
      "type": "WEB",
      "url": "https://play.google.com/store/apps/details?id=jp.co.ichiran.app\u0026hl=ja"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GC7H-MJ38-J8XM

Vulnerability from github – Published: 2022-05-14 03:48 – Updated: 2022-05-14 03:48
VLAI
Details

MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-1000415"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-09T20:29:00Z",
    "severity": "MODERATE"
  },
  "details": "MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years.",
  "id": "GHSA-gc7h-mj38-j8xm",
  "modified": "2022-05-14T03:48:15Z",
  "published": "2022-05-14T03:48:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000415"
    },
    {
      "type": "WEB",
      "url": "https://www.ieee-security.org/TC/SP2017/papers/231.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.youtube.com/watch?v=FW--c_F_cY8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.