CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-G788-M4V3-47C7
Vulnerability from github – Published: 2024-08-14 18:32 – Updated: 2024-08-14 18:32IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714.
{
"affected": [],
"aliases": [
"CVE-2023-50315"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-14T17:15:14Z",
"severity": "MODERATE"
},
"details": "IBM WebSphere Application Server 8.5 and 9.0 could allow an attacker with access to the network to conduct spoofing attacks. An attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 274714.",
"id": "GHSA-g788-m4v3-47c7",
"modified": "2024-08-14T18:32:41Z",
"published": "2024-08-14T18:32:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50315"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/274714"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7165511"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G7JV-PWGR-PP8C
Vulnerability from github – Published: 2022-05-17 00:34 – Updated: 2025-04-20 03:46The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate.
{
"affected": [],
"aliases": [
"CVE-2017-14582"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-30T01:29:00Z",
"severity": "MODERATE"
},
"details": "The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate.",
"id": "GHSA-g7jv-pwgr-pp8c",
"modified": "2025-04-20T03:46:06Z",
"published": "2022-05-17T00:34:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14582"
},
{
"type": "WEB",
"url": "https://wwws.nightwatchcybersecurity.com/2017/09/27/zoho-site24x7-mobile-network-poller-for-android-didnt-properly-validate-ssl-cve-2017-14582"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101091"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G7PG-WJ9C-H3J9
Vulnerability from github – Published: 2022-05-17 00:26 – Updated: 2022-05-17 00:26ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
{
"affected": [],
"aliases": [
"CVE-2014-3706"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-18T14:29:00Z",
"severity": "MODERATE"
},
"details": "ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.",
"id": "GHSA-g7pg-wj9c-h3j9",
"modified": "2022-05-17T00:26:05Z",
"published": "2022-05-17T00:26:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3706"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1154977"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101507"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G7VG-V5MG-XQVV
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2024-04-04 02:37European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate.
{
"affected": [],
"aliases": [
"CVE-2019-18632"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-30T22:15:00Z",
"severity": "CRITICAL"
},
"details": "European Commission eIDAS-Node Integration Package before 2.3.1 allows Certificate Faking because an attacker can sign a manipulated SAML response with a forged certificate.",
"id": "GHSA-g7vg-v5mg-xqvv",
"modified": "2024-04-04T02:37:08Z",
"published": "2022-05-24T17:00:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18632"
},
{
"type": "WEB",
"url": "https://sec-consult.com/en/blog/advisories/15587"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G8R3-5HWF-QP96
Vulnerability from github – Published: 2026-05-08 23:47 – Updated: 2026-06-08 23:34Impact
In SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify(). The method performs certificate chain validation, OCSP check, and signature algorithm setup, but never checks whether the signature actually matches. For any structurally valid signature, it returns true.
Patches
Patched in #34.
Workarounds
None.
Resources
Credits
Machine Spirits (contact@machinespirits.de) - Dr. rer. nat. Simon Weber - Dipl.-Inf. Volker Schönefeld - Chiara Fliegner
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.2.0"
},
"package": {
"ecosystem": "Maven",
"name": "com.oviva.telematik:epa4all-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44900"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-08T23:47:12Z",
"nvd_published_at": "2026-05-26T22:16:42Z",
"severity": "HIGH"
},
"details": "### Impact\nIn SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify(). The method performs certificate chain validation, OCSP check, and signature algorithm setup, but never checks whether the signature actually matches. For any structurally valid signature, it returns true.\n\n### Patches\nPatched in [#34](https://github.com/oviva-ag/epa4all-client/pull/34).\n\n### Workarounds\nNone.\n\n### Resources\n- [MS-OVIVA-EPA4ALL-d76aec](https://www.machinespirits.com/advisory/d76aec/)\n\n### Credits\n\n[Machine Spirits](https://machinespirits.com) (contact@machinespirits.de)\n- Dr. rer. nat. Simon Weber\n- Dipl.-Inf. Volker Sch\u00f6nefeld\n- Chiara Fliegner",
"id": "GHSA-g8r3-5hwf-qp96",
"modified": "2026-06-08T23:34:59Z",
"published": "2026-05-08T23:47:12Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/oviva-ag/epa4all-client/security/advisories/GHSA-g8r3-5hwf-qp96"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44900"
},
{
"type": "WEB",
"url": "https://github.com/oviva-ag/epa4all-client/pull/34"
},
{
"type": "PACKAGE",
"url": "https://github.com/oviva-ag/epa4all-client"
},
{
"type": "WEB",
"url": "https://www.machinespirits.com/advisory/d76aec"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "epa4all-client has a VAU Signature bypass"
}
GHSA-G8RC-WR59-QX7H
Vulnerability from github – Published: 2025-11-10 15:31 – Updated: 2025-11-10 15:31In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure
{
"affected": [],
"aliases": [
"CVE-2025-64685"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-10T14:15:44Z",
"severity": "HIGH"
},
"details": "In JetBrains YouTrack before 2025.3.104432 missing TLS certificate validation enabled data disclosure",
"id": "GHSA-g8rc-wr59-qx7h",
"modified": "2025-11-10T15:31:05Z",
"published": "2025-11-10T15:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64685"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G927-7PJF-R6QV
Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2025-04-20 03:37The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2017-8939"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-15T18:29:00Z",
"severity": "MODERATE"
},
"details": "The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-g927-7pjf-r6qv",
"modified": "2025-04-20T03:37:44Z",
"published": "2022-05-13T01:06:06Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8939"
},
{
"type": "WEB",
"url": "https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
},
{
"type": "WEB",
"url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-G997-QV67-C7V6
Vulnerability from github – Published: 2026-02-17 18:32 – Updated: 2026-02-17 18:32An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to execute commands as root.
{
"affected": [],
"aliases": [
"CVE-2025-65753"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-17T16:20:24Z",
"severity": "CRITICAL"
},
"details": "An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to execute commands as root.",
"id": "GHSA-g997-qv67-c7v6",
"modified": "2026-02-17T18:32:56Z",
"published": "2026-02-17T18:32:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65753"
},
{
"type": "WEB",
"url": "https://github.com/diegovargasj/CVE-2025-65753"
},
{
"type": "WEB",
"url": "http://gryphon.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-G9VX-QCQW-WCPX
Vulnerability from github – Published: 2023-02-13 03:30 – Updated: 2025-03-21 21:31Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.
{
"affected": [],
"aliases": [
"CVE-2023-22367"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-13T02:21:00Z",
"severity": "MODERATE"
},
"details": "Ichiran App for iOS versions prior to 3.1.0 and Ichiran App for Android versions prior to 3.1.0 improperly verify server certificates, which may allow a remote unauthenticated attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.",
"id": "GHSA-g9vx-qcqw-wcpx",
"modified": "2025-03-21T21:31:31Z",
"published": "2023-02-13T03:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22367"
},
{
"type": "WEB",
"url": "https://apps.apple.com/jp/app/%E4%B8%80%E8%98%AD%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1118806170"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN11257333"
},
{
"type": "WEB",
"url": "https://play.google.com/store/apps/details?id=jp.co.ichiran.app\u0026hl=ja"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-GC7H-MJ38-J8XM
Vulnerability from github – Published: 2022-05-14 03:48 – Updated: 2022-05-14 03:48MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years.
{
"affected": [],
"aliases": [
"CVE-2017-1000415"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-09T20:29:00Z",
"severity": "MODERATE"
},
"details": "MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years.",
"id": "GHSA-gc7h-mj38-j8xm",
"modified": "2022-05-14T03:48:15Z",
"published": "2022-05-14T03:48:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000415"
},
{
"type": "WEB",
"url": "https://www.ieee-security.org/TC/SP2017/papers/231.pdf"
},
{
"type": "WEB",
"url": "https://www.youtube.com/watch?v=FW--c_F_cY8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.