Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1908 vulnerabilities reference this CWE, most recent first.

GHSA-H92Q-7RP5-87XC

Vulnerability from github – Published: 2023-09-19 18:30 – Updated: 2024-04-04 07:44
VLAI
Details

MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38351"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-19T16:15:10Z",
    "severity": "HIGH"
  },
  "details": "MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack.",
  "id": "GHSA-h92q-7rp5-87xc",
  "modified": "2024-04-04T07:44:17Z",
  "published": "2023-09-19T18:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38351"
    },
    {
      "type": "WEB",
      "url": "https://0dr3f.github.io/cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H956-H9Q8-3C53

Vulnerability from github – Published: 2022-05-14 03:36 – Updated: 2022-05-14 03:36
VLAI
Details

LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-0518"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-23T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
  "id": "GHSA-h956-h9q8-3c53",
  "modified": "2022-05-14T03:36:42Z",
  "published": "2022-05-14T03:36:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0518"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN75453852/index.html"
    },
    {
      "type": "WEB",
      "url": "https://linecorp.com/en/security/article/136"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H963-VPXR-34VR

Vulnerability from github – Published: 2022-05-17 02:45 – Updated: 2025-04-20 03:37
VLAI
Details

Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-05T07:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.",
  "id": "GHSA-h963-vpxr-34vr",
  "modified": "2025-04-20T03:37:14Z",
  "published": "2022-05-17T02:45:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8058"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98318"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H964-F4GX-GW3X

Vulnerability from github – Published: 2024-08-26 06:30 – Updated: 2026-05-12 12:32
VLAI
Details

Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-41996"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-26T06:15:04Z",
    "severity": "HIGH"
  },
  "details": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.",
  "id": "GHSA-h964-f4gx-gw3x",
  "modified": "2026-05-12T12:32:04Z",
  "published": "2024-08-26T06:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-089022.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
    },
    {
      "type": "WEB",
      "url": "https://dheatattack.gitlab.io/details"
    },
    {
      "type": "WEB",
      "url": "https://dheatattack.gitlab.io/faq"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H975-5QPW-9PWH

Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37
VLAI
Details

IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-force ID: 133120.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-1622"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-12-05T17:29:00Z",
    "severity": "HIGH"
  },
  "details": "IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-force ID: 133120.",
  "id": "GHSA-h975-5qpw-9pwh",
  "modified": "2022-05-13T01:37:05Z",
  "published": "2022-05-13T01:37:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1622"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133120"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/docview.wss?uid=ibm10742713"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H9H2-JMVV-FR8C

Vulnerability from github – Published: 2024-04-10 18:30 – Updated: 2025-11-04 00:30
VLAI
Details

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31871"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-10T16:15:15Z",
    "severity": "HIGH"
  },
  "details": "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation.  IBM X-Force ID:  287306.",
  "id": "GHSA-h9h2-jmvv-fr8c",
  "modified": "2025-11-04T00:30:48Z",
  "published": "2024-04-10T18:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31871"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287306"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7147932"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Nov/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H9P4-P535-J9JG

Vulnerability from github – Published: 2025-12-11 00:30 – Updated: 2026-01-07 18:30
VLAI
Details

Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-65291"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-10T22:16:26Z",
    "severity": "HIGH"
  },
  "details": "Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring.",
  "id": "GHSA-h9p4-p535-j9jg",
  "modified": "2026-01-07T18:30:22Z",
  "published": "2025-12-11T00:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65291"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/CoAP-Certificate-Validation-Bypass.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-H9V3-P9F8-RW7G

Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2024-04-04 02:35
VLAI
Details

The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-2320"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-08T19:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.",
  "id": "GHSA-h9v3-p9f8-rw7g",
  "modified": "2024-04-04T02:35:25Z",
  "published": "2022-05-24T16:59:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2320"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2015/dsa-3202"
    },
    {
      "type": "WEB",
      "url": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/17/9"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/73256"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2547-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HC2Q-W3C3-348M

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07
VLAI
Details

Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-36371"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-09T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend.",
  "id": "GHSA-hc2q-w3c3-348m",
  "modified": "2022-05-24T19:07:19Z",
  "published": "2022-05-24T19:07:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36371"
    },
    {
      "type": "WEB",
      "url": "https://github.com/emissary-ingress/emissary/issues/3340"
    },
    {
      "type": "WEB",
      "url": "https://github.com/emissary-ingress/emissary/releases/tag/v2.0.0-ea"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HC4M-GMH3-4VXP

Vulnerability from github – Published: 2022-05-02 03:48 – Updated: 2022-05-02 03:48
VLAI
Details

libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2009-3767"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-10-23T19:30:00Z",
    "severity": "MODERATE"
  },
  "details": "libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
  "id": "GHSA-hc4m-gmh3-4vxp",
  "modified": "2022-05-02T03:48:23Z",
  "published": "2022-05-02T03:48:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3767"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11178"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7274"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/38769"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/40677"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-201406-36.xml"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3937"
    },
    {
      "type": "WEB",
      "url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8\u0026r2=1.11\u0026f=h"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2010-0543.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2009/3056"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2010/1858"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.