Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1908 vulnerabilities reference this CWE, most recent first.

GHSA-GP77-R46P-XFVC

Vulnerability from github – Published: 2026-07-14 18:31 – Updated: 2026-07-14 18:31
VLAI
Details

A improper certificate validation vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.5, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2 all versions may allow attacker to information disclosure via

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-59836"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T16:17:02Z",
    "severity": "HIGH"
  },
  "details": "A improper certificate validation vulnerability in Fortinet FortiClientEMS 7.4.3 through 7.4.5, FortiClientEMS 7.4.0 through 7.4.1, FortiClientEMS 7.2 all versions may allow attacker to information disclosure via \u003cinsert attack vector here\u003e",
  "id": "GHSA-gp77-r46p-xfvc",
  "modified": "2026-07-14T18:31:56Z",
  "published": "2026-07-14T18:31:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59836"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-26-147"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GP9V-8HXX-PQXM

Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38
VLAI
Details

On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-6562"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-13T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive account information such as login credentials.",
  "id": "GHSA-gp9v-8hxx-pqxm",
  "modified": "2022-05-13T01:38:44Z",
  "published": "2022-05-13T01:38:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-6562"
    },
    {
      "type": "WEB",
      "url": "https://www.info-sec.ca/advisories/ShoreTel-Mobility.html"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/475907"
    },
    {
      "type": "WEB",
      "url": "https://www.securityfocus.com/bid/95224"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQ3H-4HC4-6J3M

Vulnerability from github – Published: 2022-05-24 16:45 – Updated: 2024-04-04 03:03
VLAI
Details

The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not validate, or incorrectly validates, the PrinterLogic management portal's SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5408"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-05-08T15:30:00Z",
    "severity": "HIGH"
  },
  "details": "The PrinterLogic Print Management software, versions up to and including 18.3.1.96, does not validate, or incorrectly validates, the PrinterLogic management portal\u0027s SSL certificate. When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.",
  "id": "GHSA-gq3h-4hc4-6j3m",
  "modified": "2024-04-04T03:03:04Z",
  "published": "2022-05-24T16:45:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5408"
    },
    {
      "type": "WEB",
      "url": "https://kb.cert.org/vuls/id/169249"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/108285"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQ8M-RWGG-6VV3

Vulnerability from github – Published: 2022-05-13 01:13 – Updated: 2025-04-20 03:47
VLAI
Details

libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-1000256"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-31T15:29:00Z",
    "severity": "HIGH"
  },
  "details": "libvirt version 2.3.0 and later is vulnerable to a bad default configuration of \"verify-peer=no\" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.",
  "id": "GHSA-gq8m-rwgg-6vv3",
  "modified": "2025-04-20T03:47:56Z",
  "published": "2022-05-13T01:13:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000256"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2017-1000256"
    },
    {
      "type": "WEB",
      "url": "https://www.mail-archive.com/debian-bugs-dist%40lists.debian.org/msg1556251.html"
    },
    {
      "type": "WEB",
      "url": "https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1556251.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2017/dsa-4003"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GQVF-892R-VJM5

Vulnerability from github – Published: 2021-04-13 15:42 – Updated: 2023-07-05 19:26
VLAI
Summary
Improper Certificate Validation in Puppet
Details

Previously, Puppet operated on the model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting strict_hostname_checking = true in puppet.conf on your Puppet master. Puppet 6.13.0 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "puppet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.13.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "puppet"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.5.19"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-7942"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-07T23:15:22Z",
    "nvd_published_at": "2020-02-19T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Previously, Puppet operated on the model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node\u0027s catalog falls back to the `default` node, the catalog can be retrieved for a different node by modifying facts for the Puppet run. This issue can be mitigated by setting `strict_hostname_checking = true` in `puppet.conf` on your Puppet master. Puppet 6.13.0 changes the default behavior for strict_hostname_checking from false to true. It is recommended that Puppet Open Source and Puppet Enterprise users that are not upgrading still set strict_hostname_checking to true to ensure secure behavior.",
  "id": "GHSA-gqvf-892r-vjm5",
  "modified": "2023-07-05T19:26:32Z",
  "published": "2021-04-13T15:42:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7942"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2020-7942.yml"
    },
    {
      "type": "WEB",
      "url": "https://puppet.com/security/cve/CVE-2020-7942"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Certificate Validation in Puppet"
}

GHSA-GQX9-9G2R-R86M

Vulnerability from github – Published: 2025-08-13 15:30 – Updated: 2025-08-13 15:30
VLAI
Details

F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-54809"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-13T15:15:38Z",
    "severity": "HIGH"
  },
  "details": "F5 Access for Android before version 3.1.2 which uses HTTPS does not verify the remote endpoint identity.\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.",
  "id": "GHSA-gqx9-9g2r-r86m",
  "modified": "2025-08-13T15:30:35Z",
  "published": "2025-08-13T15:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54809"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000152049"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-GRJ7-W2G4-4R4W

Vulnerability from github – Published: 2023-09-19 18:30 – Updated: 2024-04-04 07:44
VLAI
Details

MiniTool Movie Maker 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38354"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-19T16:15:11Z",
    "severity": "HIGH"
  },
  "details": "MiniTool Movie Maker 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.",
  "id": "GHSA-grj7-w2g4-4r4w",
  "modified": "2024-04-04T07:44:08Z",
  "published": "2023-09-19T18:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38354"
    },
    {
      "type": "WEB",
      "url": "https://0dr3f.github.io/cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-GRP5-5X2W-CR8H

Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01
VLAI
Details

Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password. When accessing this functionality, the administrator has the option to replace the current certificate and it is not possible to view the certificate password (p12) already deployed on the platform. The replacement p12 certificate returns to users in base64 with its password, which can be accessed by non-administrator users.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-36127"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-07T11:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password. When accessing this functionality, the administrator has the option to replace the current certificate and it is not possible to view the certificate password (p12) already deployed on the platform. The replacement p12 certificate returns to users in base64 with its password, which can be accessed by non-administrator users.",
  "id": "GHSA-grp5-5x2w-cr8h",
  "modified": "2022-05-24T19:01:47Z",
  "published": "2022-05-24T19:01:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36127"
    },
    {
      "type": "WEB",
      "url": "https://blog.pridesec.com.br/p/4c972078-5f01-419e-8bea-cf31ff2e3670"
    },
    {
      "type": "WEB",
      "url": "https://marketing.paxtechnology.com/about-pax"
    },
    {
      "type": "WEB",
      "url": "https://www.whatspos.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GRV9-44CV-G58H

Vulnerability from github – Published: 2022-05-24 17:41 – Updated: 2022-05-24 17:41
VLAI
Details

A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1354"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-04T17:15:00Z",
    "severity": "LOW"
  },
  "details": "A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data.",
  "id": "GHSA-grv9-44cv-g58h",
  "modified": "2022-05-24T17:41:05Z",
  "published": "2022-05-24T17:41:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1354"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucs-invcert-eOpRvCKH"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-GRV9-X6WX-FW8R

Vulnerability from github – Published: 2022-05-17 19:57 – Updated: 2024-04-03 23:59
VLAI
Details

wolfssl before 3.2.0 does not properly issue certificates for a server's hostname.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2014-2901"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-11-21T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "wolfssl before 3.2.0 does not properly issue certificates for a server\u0027s hostname.",
  "id": "GHSA-grv9-x6wx-fw8r",
  "modified": "2024-04-03T23:59:20Z",
  "published": "2022-05-17T19:57:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-2901"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2014-2901"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2014/04/18/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.