CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-H92Q-7RP5-87XC
Vulnerability from github – Published: 2023-09-19 18:30 – Updated: 2024-04-04 07:44MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack.
{
"affected": [],
"aliases": [
"CVE-2023-38351"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-19T16:15:10Z",
"severity": "HIGH"
},
"details": "MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack.",
"id": "GHSA-h92q-7rp5-87xc",
"modified": "2024-04-04T07:44:17Z",
"published": "2023-09-19T18:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38351"
},
{
"type": "WEB",
"url": "https://0dr3f.github.io/cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H956-H9Q8-3C53
Vulnerability from github – Published: 2022-05-14 03:36 – Updated: 2022-05-14 03:36LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2018-0518"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-02-23T15:29:00Z",
"severity": "MODERATE"
},
"details": "LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-h956-h9q8-3c53",
"modified": "2022-05-14T03:36:42Z",
"published": "2022-05-14T03:36:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0518"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN75453852/index.html"
},
{
"type": "WEB",
"url": "https://linecorp.com/en/security/article/136"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H963-VPXR-34VR
Vulnerability from github – Published: 2022-05-17 02:45 – Updated: 2025-04-20 03:37Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.
{
"affected": [],
"aliases": [
"CVE-2017-8058"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-05T07:29:00Z",
"severity": "MODERATE"
},
"details": "Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.",
"id": "GHSA-h963-vpxr-34vr",
"modified": "2025-04-20T03:37:14Z",
"published": "2022-05-17T02:45:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8058"
},
{
"type": "WEB",
"url": "https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
},
{
"type": "WEB",
"url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/98318"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H964-F4GX-GW3X
Vulnerability from github – Published: 2024-08-26 06:30 – Updated: 2026-05-12 12:32Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.
{
"affected": [],
"aliases": [
"CVE-2024-41996"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-26T06:15:04Z",
"severity": "HIGH"
},
"details": "Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations. The client may cause asymmetric resource consumption. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE and validate the order of the public key.",
"id": "GHSA-h964-f4gx-gw3x",
"modified": "2026-05-12T12:32:04Z",
"published": "2024-08-26T06:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41996"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-089022.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-485750.html"
},
{
"type": "WEB",
"url": "https://dheatattack.gitlab.io/details"
},
{
"type": "WEB",
"url": "https://dheatattack.gitlab.io/faq"
},
{
"type": "WEB",
"url": "https://gist.github.com/c0r0n3r/abccc14d4d96c0442f3a77fa5ca255d1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H975-5QPW-9PWH
Vulnerability from github – Published: 2022-05-13 01:37 – Updated: 2022-05-13 01:37IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-force ID: 133120.
{
"affected": [],
"aliases": [
"CVE-2017-1622"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-12-05T17:29:00Z",
"severity": "HIGH"
},
"details": "IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-force ID: 133120.",
"id": "GHSA-h975-5qpw-9pwh",
"modified": "2022-05-13T01:37:05Z",
"published": "2022-05-13T01:37:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1622"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/133120"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/docview.wss?uid=ibm10742713"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H9H2-JMVV-FR8C
Vulnerability from github – Published: 2024-04-10 18:30 – Updated: 2025-11-04 00:30IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306.
{
"affected": [],
"aliases": [
"CVE-2024-31871"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-10T16:15:15Z",
"severity": "HIGH"
},
"details": "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306.",
"id": "GHSA-h9h2-jmvv-fr8c",
"modified": "2025-11-04T00:30:48Z",
"published": "2024-04-10T18:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31871"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287306"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7147932"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Nov/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-H9P4-P535-J9JG
Vulnerability from github – Published: 2025-12-11 00:30 – Updated: 2026-01-07 18:30Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring.
{
"affected": [],
"aliases": [
"CVE-2025-65291"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-10T22:16:26Z",
"severity": "HIGH"
},
"details": "Aqara Hub devices including Hub M2 4.3.6_0027, Hub M3 4.3.6_0025, Camera Hub G3 4.1.9_0027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring.",
"id": "GHSA-h9p4-p535-j9jg",
"modified": "2026-01-07T18:30:22Z",
"published": "2025-12-11T00:30:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65291"
},
{
"type": "WEB",
"url": "https://github.com/Chapoly1305/myCVEReports/blob/main/Aqara/CoAP-Certificate-Validation-Bypass.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-H9V3-P9F8-RW7G
Vulnerability from github – Published: 2022-05-24 16:59 – Updated: 2024-04-04 02:35The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.
{
"affected": [],
"aliases": [
"CVE-2015-2320"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-08T19:29:00Z",
"severity": "CRITICAL"
},
"details": "The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback.",
"id": "GHSA-h9v3-p9f8-rw7g",
"modified": "2024-04-04T02:35:25Z",
"published": "2022-05-24T16:59:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2320"
},
{
"type": "WEB",
"url": "https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2015/dsa-3202"
},
{
"type": "WEB",
"url": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/03/17/9"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/73256"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2547-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HC2Q-W3C3-348M
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-05-24 19:07Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend.
{
"affected": [],
"aliases": [
"CVE-2021-36371"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-09T21:15:00Z",
"severity": "MODERATE"
},
"details": "Emissary-Ingress (formerly Ambassador API Gateway) through 1.13.9 allows attackers to bypass client certificate requirements (i.e., mTLS cert_required) on backend upstreams when more than one TLSContext is defined and at least one configuration exists that does not require client certificate authentication. The attacker must send an SNI specifying an unprotected backend and an HTTP Host header specifying a protected backend.",
"id": "GHSA-hc2q-w3c3-348m",
"modified": "2022-05-24T19:07:19Z",
"published": "2022-05-24T19:07:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36371"
},
{
"type": "WEB",
"url": "https://github.com/emissary-ingress/emissary/issues/3340"
},
{
"type": "WEB",
"url": "https://github.com/emissary-ingress/emissary/releases/tag/v2.0.0-ea"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HC4M-GMH3-4VXP
Vulnerability from github – Published: 2022-05-02 03:48 – Updated: 2022-05-02 03:48libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
{
"affected": [],
"aliases": [
"CVE-2009-3767"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-10-23T19:30:00Z",
"severity": "MODERATE"
},
"details": "libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.",
"id": "GHSA-hc4m-gmh3-4vxp",
"modified": "2022-05-02T03:48:23Z",
"published": "2022-05-02T03:48:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3767"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11178"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7274"
},
{
"type": "WEB",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036138.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
},
{
"type": "WEB",
"url": "http://marc.info/?l=oss-security\u0026m=125369675820512\u0026w=2"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/38769"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/40677"
},
{
"type": "WEB",
"url": "http://security.gentoo.org/glsa/glsa-201406-36.xml"
},
{
"type": "WEB",
"url": "http://support.apple.com/kb/HT3937"
},
{
"type": "WEB",
"url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_o.c.diff?r1=1.8\u0026r2=1.11\u0026f=h"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0543.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0896.html"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/3056"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1858"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.