Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1908 vulnerabilities reference this CWE, most recent first.

GHSA-HH32-7934-R8MP

Vulnerability from github – Published: 2022-05-17 02:49 – Updated: 2022-05-17 02:49
VLAI
Details

botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-7826"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-10T15:59:00Z",
    "severity": "CRITICAL"
  },
  "details": "botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.",
  "id": "GHSA-hh32-7934-r8mp",
  "modified": "2022-05-17T02:49:56Z",
  "published": "2022-05-17T02:49:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7826"
    },
    {
      "type": "WEB",
      "url": "https://botan.randombit.net/security.html#id3"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311620"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HH5G-G7M5-5VXV

Vulnerability from github – Published: 2026-04-15 18:31 – Updated: 2026-04-15 18:31
VLAI
Details

A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.

This vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-20184"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-15T17:17:03Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service.\n\nThis vulnerability existed because of improper certificate validation. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by connecting to a service endpoint and supplying a crafted token. A successful exploit could have allowed the attacker to gain unauthorized access to legitimate Cisco Webex services.",
  "id": "GHSA-hh5g-g7m5-5vxv",
  "modified": "2026-04-15T18:31:58Z",
  "published": "2026-04-15T18:31:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20184"
    },
    {
      "type": "WEB",
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-cui-cert-8jSZYhWL"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HHFV-2XC3-52H6

Vulnerability from github – Published: 2023-09-11 09:31 – Updated: 2024-04-04 07:34
VLAI
Details

Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-35845"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-11T08:15:07Z",
    "severity": "MODERATE"
  },
  "details": "Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected.",
  "id": "GHSA-hhfv-2xc3-52h6",
  "modified": "2024-04-04T07:34:37Z",
  "published": "2023-09-11T09:31:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35845"
    },
    {
      "type": "WEB",
      "url": "https://uponfurtherinvestigation.blogspot.com/2023/06/cve-2023-35845-anaconda3-creates.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HHFX-WJ9X-F5M6

Vulnerability from github – Published: 2024-04-19 18:31 – Updated: 2024-04-19 18:31
VLAI
Details

IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data. IBM X-Force ID: 259672.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37397"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295",
      "CWE-326"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-19T17:15:51Z",
    "severity": "LOW"
  },
  "details": "IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain or modify sensitive information due to improper encryption of certain data.  IBM X-Force ID:  259672.",
  "id": "GHSA-hhfx-wj9x-f5m6",
  "modified": "2024-04-19T18:31:14Z",
  "published": "2024-04-19T18:31:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37397"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/259672"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7148632"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HHQV-2P5R-3R8R

Vulnerability from github – Published: 2022-05-14 03:03 – Updated: 2022-05-14 03:03
VLAI
Details

The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-0611"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-26T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "The ANA App for iOS version 4.0.22 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
  "id": "GHSA-hhqv-2p5r-3r8r",
  "modified": "2022-05-14T03:03:58Z",
  "published": "2022-05-14T03:03:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0611"
    },
    {
      "type": "WEB",
      "url": "https://www.ana.co.jp/ja/jp/share/mobile/smartphone/app_ana/#title"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN71535108/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HHXQ-VHPQ-PJF3

Vulnerability from github – Published: 2026-07-14 18:31 – Updated: 2026-07-14 18:31
VLAI
Details

Improper certificate validation in Azure Monitor Agent allows an unauthorized attacker to elevate privileges over an adjacent network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-47632"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-14T17:16:49Z",
    "severity": "HIGH"
  },
  "details": "Improper certificate validation in Azure Monitor Agent allows an unauthorized attacker to elevate privileges over an adjacent network.",
  "id": "GHSA-hhxq-vhpq-pjf3",
  "modified": "2026-07-14T18:31:59Z",
  "published": "2026-07-14T18:31:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47632"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47632"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HJ73-5Q9F-3JJ4

Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19
VLAI
Details

An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-41019"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-11-02T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.",
  "id": "GHSA-hj73-5q9f-3jj4",
  "modified": "2022-05-24T19:19:24Z",
  "published": "2022-05-24T19:19:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41019"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-21-074"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-HJ9Q-MJ9C-FCP4

Vulnerability from github – Published: 2024-12-10 00:31 – Updated: 2024-12-10 00:31
VLAI
Details

An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-12174"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-09T22:15:22Z",
    "severity": "LOW"
  },
  "details": "An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server.",
  "id": "GHSA-hj9q-mj9c-fcp4",
  "modified": "2024-12-10T00:31:26Z",
  "published": "2024-12-10T00:31:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12174"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/tns-2024-19"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HM5X-4JQQ-QCMG

Vulnerability from github – Published: 2023-04-27 03:30 – Updated: 2024-04-04 03:42
VLAI
Details

Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allowing attackers to execute arbitrary code via a DHCP hijacking attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-47758"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-27T02:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "Nanoleaf firmware v7.1.1 and below is missing an SSL certificate, allowing attackers to execute arbitrary code via a DHCP hijacking attack.",
  "id": "GHSA-hm5x-4jqq-qcmg",
  "modified": "2024-04-04T03:42:34Z",
  "published": "2023-04-27T03:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47758"
    },
    {
      "type": "WEB",
      "url": "https://pwning.tech/cve-2022-47758"
    },
    {
      "type": "WEB",
      "url": "http://nanoleaf.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-HM9P-89R4-C9G7

Vulnerability from github – Published: 2024-10-18 09:31 – Updated: 2024-10-21 18:30
VLAI
Details

A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6057"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-18T08:15:03Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability has been discovered in Bitdefender Total Security HTTPS scanning functionality that results in the improper trust of certificates issued using the DSA signature algorithm. The product does not properly check the certificate chain, allowing an attacker to establish MITM SSL connections to arbitrary sites using a DSA-signed certificate.",
  "id": "GHSA-hm9p-89r4-c9g7",
  "modified": "2024-10-21T18:30:46Z",
  "published": "2024-10-18T09:31:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6057"
    },
    {
      "type": "WEB",
      "url": "https://www.bitdefender.com/support/security-advisories/insecure-trust-of-dsa-signed-certificates-in-bitdefender-total-security-https-scanning-va-11166"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.