CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-H64P-H4X7-H6R6
Vulnerability from github – Published: 2024-10-18 09:31 – Updated: 2024-10-22 18:32A vulnerability has been identified in Bitdefender Safepay's handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications.
{
"affected": [],
"aliases": [
"CVE-2023-6058"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-18T08:15:03Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Bitdefender Safepay\u0027s handling of HTTPS connections. The issue arises when the product blocks a connection due to an untrusted server certificate but allows the user to add the site to exceptions, resulting in the product trusting the certificate for subsequent HTTPS scans. This vulnerability allows an attacker to perform a Man-in-the-Middle (MITM) attack by using a self-signed certificate, which the product will trust after the site has been added to exceptions. This can lead to the interception and potential alteration of secure communications.",
"id": "GHSA-h64p-h4x7-h6r6",
"modified": "2024-10-22T18:32:05Z",
"published": "2024-10-18T09:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6058"
},
{
"type": "WEB",
"url": "https://www.bitdefender.com/support/security-advisories/https-certificate-validation-issue-in-bitdefender-safepay-va-11167"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-H65J-9J8P-PPRC
Vulnerability from github – Published: 2025-09-29 21:30 – Updated: 2025-10-09 18:30Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS certificate validation. An attacker who can intercept HTTPS traffic can then inject malicious driver DLLs, resulting in remote code execution with SYSTEM privileges; a local attacker can achieve local privilege escalation via a junction‑point DLL injection. This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.
{
"affected": [],
"aliases": [
"CVE-2025-34235"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-29T21:15:37Z",
"severity": "CRITICAL"
},
"details": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be enabled by administrators, causing the client to skip SSL/TLS certificate validation. An attacker who can intercept HTTPS traffic can then inject malicious driver DLLs, resulting in remote code execution with SYSTEM privileges; a local attacker can achieve local privilege escalation via a junction\u2011point DLL injection.\u00a0This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced.",
"id": "GHSA-h65j-9j8p-pprc",
"modified": "2025-10-09T18:30:27Z",
"published": "2025-09-29T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34235"
},
{
"type": "WEB",
"url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
},
{
"type": "WEB",
"url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"
},
{
"type": "WEB",
"url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#win-lpe-04"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-weak-ssl-tls-certificate-validation-rce"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-H665-2RJQ-27V4
Vulnerability from github – Published: 2026-06-25 15:32 – Updated: 2026-06-25 15:32Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
{
"affected": [],
"aliases": [
"CVE-2026-46734"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T14:16:40Z",
"severity": "HIGH"
},
"details": "Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.",
"id": "GHSA-h665-2rjq-27v4",
"modified": "2026-06-25T15:32:00Z",
"published": "2026-06-25T15:32:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46734"
},
{
"type": "WEB",
"url": "https://www.dell.com/support/kbdoc/en-hk/000475656/dsa-2026-267?msockid=3021cac2195069ed3194ddad186a68f9"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H698-9R6P-X6XW
Vulnerability from github – Published: 2022-05-14 03:43 – Updated: 2022-05-14 03:43Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploit could result in a denial of service on the device.
{
"affected": [],
"aliases": [
"CVE-2017-15341"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-15T16:29:00Z",
"severity": "HIGH"
},
"details": "Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 V600R006C00, TE60 V600R006C00 have a denial of service vulnerability. The software decodes X.509 certificate in an improper way. A remote unauthenticated attacker could send a crafted X.509 certificate to the device. Successful exploit could result in a denial of service on the device.",
"id": "GHSA-h698-9r6p-x6xw",
"modified": "2022-05-14T03:43:43Z",
"published": "2022-05-14T03:43:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15341"
},
{
"type": "WEB",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171129-01-cert-en"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H6Q6-XXWV-MM6V
Vulnerability from github – Published: 2024-08-25 00:30 – Updated: 2025-11-03 21:31An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing.
{
"affected": [],
"aliases": [
"CVE-2024-45234"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-24T23:15:04Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort\u0027s BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing.",
"id": "GHSA-h6q6-xxwv-mm6v",
"modified": "2025-11-03T21:31:11Z",
"published": "2024-08-25T00:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45234"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/02/msg00030.html"
},
{
"type": "WEB",
"url": "https://nicmx.github.io/FORT-validator/CVE.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H6WP-6M5M-GC8M
Vulnerability from github – Published: 2022-05-24 17:29 – Updated: 2022-05-24 17:29An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified.
{
"affected": [],
"aliases": [
"CVE-2020-15604"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-09-24T02:15:00Z",
"severity": "HIGH"
},
"details": "An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified.",
"id": "GHSA-h6wp-6m5m-gc8m",
"modified": "2022-05-24T17:29:22Z",
"published": "2022-05-24T17:29:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15604"
},
{
"type": "WEB",
"url": "https://helpcenter.trendmicro.com/en-us/article/TMKA-09890"
},
{
"type": "WEB",
"url": "https://helpcenter.trendmicro.com/ja-jp/article/TMKA-09673"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN60093979"
},
{
"type": "WEB",
"url": "https://jvn.jp/jp/JVN60093979"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-H6X7-R5RG-X5FW
Vulnerability from github – Published: 2024-03-28 17:53 – Updated: 2024-03-28 17:53This bug bypassed the validation of TSL certificates on all none web HTTP clients in the serverpod_client package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server.
An attacker would need to be able to intercept the traffic and highjack the connection to the server for this vulnerability to be used.
Impact
All versions of serverpod_client pre 1.2.6
Patches
Upgrading to version 1.2.6 resolves this issue.
{
"affected": [
{
"package": {
"ecosystem": "Pub",
"name": "serverpod_client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.2.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-29887"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2024-03-28T17:53:26Z",
"nvd_published_at": "2024-03-27T19:15:49Z",
"severity": "HIGH"
},
"details": "This bug bypassed the validation of TSL certificates on all none web HTTP clients in the `serverpod_client` package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server. \n\nAn attacker would need to be able to intercept the traffic and highjack the connection to the server for this vulnerability to be used. \n\n### Impact\nAll versions of `serverpod_client` pre `1.2.6`\n\n### Patches\nUpgrading to version `1.2.6` resolves this issue.\n\n",
"id": "GHSA-h6x7-r5rg-x5fw",
"modified": "2024-03-28T17:53:26Z",
"published": "2024-03-28T17:53:26Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/serverpod/serverpod/security/advisories/GHSA-h6x7-r5rg-x5fw"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29887"
},
{
"type": "WEB",
"url": "https://github.com/serverpod/serverpod/commit/d55bf8d12967fc7955a875cb3e0f9693bd6d2c71"
},
{
"type": "PACKAGE",
"url": "https://github.com/serverpod/serverpod"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Serverpod client accepts any certificate"
}
GHSA-H746-RM5Q-8MGQ
Vulnerability from github – Published: 2021-05-21 14:31 – Updated: 2023-10-02 12:04Summary
In SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server’s Legacy Node API (github.com/spiffe/spire/pkg/server/endpoints/node) can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFFE ID that the agent is not authorized to distribute. Proper controls are in place to require that the caller presents a valid agent certificate that is already authorized to issue at least one SPIFFE ID, and the requested SPIFFE ID belongs to the same trust domain, prior to being able to trigger this vulnerability. This issue has been fixed in SPIRE versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1.
What are the changes introduced by the patched versions?
The changes introduced to address this issue are related to enforcing that the FetchX509SVID RPC of SPIRE Server’s Legacy Node API only issues X.509 certificates with SPIFFE IDs that the agent is authorized to distribute.
The patched version also includes a back-ported change that improves the handling of file descriptors related to workload attestation in SPIRE Agent.
There are no changes in the expected behavior of SPIRE.
Should I upgrade SPIRE?
All SPIRE users running affected versions are advised to upgrade to the corresponding patched version.
Workarounds
No workarounds have been identified for this vulnerability.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/spiffe/spire"
},
"ranges": [
{
"events": [
{
"introduced": "0.8.1"
},
{
"fixed": "0.8.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/spiffe/spire"
},
"ranges": [
{
"events": [
{
"introduced": "0.9.0"
},
{
"fixed": "0.9.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/spiffe/spire"
},
"ranges": [
{
"events": [
{
"introduced": "0.10.0"
},
{
"fixed": "0.10.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/spiffe/spire"
},
"ranges": [
{
"events": [
{
"introduced": "0.11.0"
},
{
"fixed": "0.11.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/spiffe/spire"
},
"ranges": [
{
"events": [
{
"introduced": "0.12.0"
},
{
"fixed": "0.12.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-27098"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-21T14:28:38Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "#### Summary\nIn SPIRE 0.8.1 through 0.8.4 and before versions 0.9.4, 0.10.2, 0.11.3 and 0.12.1, specially crafted requests to the FetchX509SVID RPC of SPIRE Server\u2019s Legacy Node API (github.com/spiffe/spire/pkg/server/endpoints/node) can result in the possible issuance of an X.509 certificate with a URI SAN for a SPIFFE ID that the agent is not authorized to distribute. Proper controls are in place to require that the caller presents a valid agent certificate that is already authorized to issue at least one SPIFFE ID, and the requested SPIFFE ID belongs to the same trust domain, prior to being able to trigger this vulnerability. This issue has been fixed in SPIRE versions 0.8.5, 0.9.4, 0.10.2, 0.11.3 and 0.12.1.\n\n#### What are the changes introduced by the patched versions?\nThe changes introduced to address this issue are related to enforcing that the FetchX509SVID RPC of SPIRE Server\u2019s Legacy Node API only issues X.509 certificates with SPIFFE IDs that the agent is authorized to distribute.\n\nThe patched version also includes a back-ported change that improves the handling of file descriptors related to workload attestation in SPIRE Agent.\n\nThere are no changes in the expected behavior of SPIRE.\n\n#### Should I upgrade SPIRE?\nAll SPIRE users running affected versions are advised to upgrade to the corresponding patched version.\n\n#### Workarounds\nNo workarounds have been identified for this vulnerability.",
"id": "GHSA-h746-rm5q-8mgq",
"modified": "2023-10-02T12:04:37Z",
"published": "2021-05-21T14:31:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/spiffe/spire/security/advisories/GHSA-h746-rm5q-8mgq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-27098"
},
{
"type": "WEB",
"url": "https://github.com/spiffe/spire/commit/3c5115b57afc20a0a2c2b1b9dd60dd1fd9082e13"
},
{
"type": "WEB",
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27098"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node"
}
GHSA-H773-GVVM-CCJ5
Vulnerability from github – Published: 2022-05-17 02:43 – Updated: 2025-04-20 03:37The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2017-8940"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-15T18:29:00Z",
"severity": "MODERATE"
},
"details": "The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-h773-gvvm-ccj5",
"modified": "2025-04-20T03:37:44Z",
"published": "2022-05-17T02:43:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8940"
},
{
"type": "WEB",
"url": "https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
},
{
"type": "WEB",
"url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H7FR-R783-5G99
Vulnerability from github – Published: 2026-07-16 00:31 – Updated: 2026-07-16 21:30Dulwich through 1.1.0 was found to be missing SSH host key verification in contrib/paramiko_vendor.py.
{
"affected": [],
"aliases": [
"CVE-2026-38974"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-15T22:16:47Z",
"severity": "MODERATE"
},
"details": "Dulwich through 1.1.0 was found to be missing SSH host key verification in contrib/paramiko_vendor.py.",
"id": "GHSA-h7fr-r783-5g99",
"modified": "2026-07-16T21:30:33Z",
"published": "2026-07-16T00:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38974"
},
{
"type": "WEB",
"url": "https://github.com/jelmer/dulwich/pull/2123"
},
{
"type": "WEB",
"url": "https://github.com/jelmer/dulwich"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.