CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-HVH8-JV33-33CW
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2024-04-04 03:04jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.
{
"affected": [],
"aliases": [
"CVE-2021-3285"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-26T18:16:00Z",
"severity": "MODERATE"
},
"details": "jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1.1 does not verify X.509 certificates for HTTPS.",
"id": "GHSA-hvh8-jv33-33cw",
"modified": "2024-04-04T03:04:22Z",
"published": "2022-05-24T17:40:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3285"
},
{
"type": "WEB",
"url": "https://sir.ext.ti.com/jira/browse/EXT_EP-10212"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HVHC-8W3J-PF54
Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2024-08-14 21:33An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on HTTP communications allows attackers to intercept and tamper data. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Bridge v1 before 1.22.0 and Nuki Bridge v2 before 2.13.2.
{
"affected": [],
"aliases": [
"CVE-2022-32509"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T10:43:42Z",
"severity": "HIGH"
},
"details": "An issue was discovered on certain Nuki Home Solutions devices. Lack of certificate validation on HTTP communications allows attackers to intercept and tamper data. This affects Nuki Smart Lock 3.0 before 3.3.5, Nuki Bridge v1 before 1.22.0 and Nuki Bridge v2 before 2.13.2.",
"id": "GHSA-hvhc-8w3j-pf54",
"modified": "2024-08-14T21:33:11Z",
"published": "2024-05-14T18:30:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32509"
},
{
"type": "WEB",
"url": "https://latesthackingnews.com/2022/07/28/multiple-security-flaws-found-in-nuki-smart-locks"
},
{
"type": "WEB",
"url": "https://nuki.io/en/security-updates"
},
{
"type": "WEB",
"url": "https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2"
},
{
"type": "WEB",
"url": "https://www.hackread.com/nuki-smart-locks-vulnerabilities-plethora-attack-options"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-HW2C-8PMG-PX6W
Vulnerability from github – Published: 2022-05-24 17:42 – Updated: 2022-05-24 17:42core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.
{
"affected": [],
"aliases": [
"CVE-2021-26911"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-02-17T21:15:00Z",
"severity": "HIGH"
},
"details": "core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.",
"id": "GHSA-hw2c-8pmg-px6w",
"modified": "2022-05-24T17:42:34Z",
"published": "2022-05-24T17:42:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26911"
},
{
"type": "WEB",
"url": "https://github.com/canarymail/mailcore2/commit/45acb4efbcaa57a20ac5127dc976538671fce018"
},
{
"type": "WEB",
"url": "https://apps.apple.com/us/app/canary-mail/id1236045954"
},
{
"type": "WEB",
"url": "https://census-labs.com/news/2021/02/17/canary-mail-app-missing-certificate-validation-check-on-imap-starttls"
},
{
"type": "WEB",
"url": "https://census-labs.com/news/category/advisories"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2021/02/17/3"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/02/17/3"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HWCC-4CV8-CF3H
Vulnerability from github – Published: 2023-12-22 19:51 – Updated: 2023-12-22 19:51Issue
Snowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in version 2.1.5.
Attack Scenario
Snowflake uses CRL to check if a TLS certificate has been revoked before its expiration date. The lack of correct validation of revoked certificates could, in theory, allow an attacker who has both access to the private key of a correctly issued Snowflake certificate and the ability to intercept network traffic to perform a Man-in-the-Middle (MitM) attack in order to compromise Snowflake credentials used by the driver.
The vulnerability is difficult to exploit given both conditions required and, at the time of this advisory's publication, Snowflake is not aware of any compromise of its certificates, nor unauthorized issuance of such by any publicly trusted Certificate Authority (CA). However, an upgrade to the newest version is recommended to ensure the highest level of security and protection against future unforeseen threats.
Solution
On December 18, 2023, Snowflake released version 2.1.5 of the Snowflake Connector .NET, which fixes the issue, and we recommend users upgrade to version 2.1.5. Customers continuing to use the impacted versions of the connector should update their insecureMode flag to true.
Acknowledgement
Snowflake would like to thank Timo Vink for reporting this vulnerability.
Additional Information
If you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our Vulnerability Disclosure Policy.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.1.4"
},
"package": {
"ecosystem": "NuGet",
"name": "Snowflake.Data"
},
"ranges": [
{
"events": [
{
"introduced": "2.0.25"
},
{
"fixed": "2.1.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-51662"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2023-12-22T19:51:09Z",
"nvd_published_at": "2023-12-22T17:15:10Z",
"severity": "MODERATE"
},
"details": "### Issue\nSnowflake recently received a report about a vulnerability in the Snowflake Connector .NET where the checks against the Certificate Revocation List (CRL) were not performed where the insecureMode flag was set to false, which is the default setting. The vulnerability affects versions between 2.0.25 and 2.1.4 (inclusive). Snowflake fixed the issue in [version 2.1.5](https://docs.snowflake.com/release-notes/clients-drivers/dotnet-2023#version-2-1-5-december-18-2023).\n\n### Attack Scenario\nSnowflake uses CRL to check if a TLS certificate has been revoked before its expiration date. The lack of correct validation of revoked certificates could, in theory, allow an attacker who has both access to the private key of a correctly issued Snowflake certificate and the ability to intercept network traffic to perform a Man-in-the-Middle (MitM) attack in order to compromise Snowflake credentials used by the driver.\n\nThe vulnerability is difficult to exploit given both conditions required and, at the time of this advisory\u0027s publication, Snowflake is not aware of any compromise of its certificates, nor unauthorized issuance of such by any publicly trusted Certificate Authority (CA). However, an upgrade to the newest version is recommended to ensure the highest level of security and protection against future unforeseen threats.\n\n### Solution\nOn December 18, 2023, Snowflake released [version 2.1.5](https://docs.snowflake.com/release-notes/clients-drivers/dotnet-2023#version-2-1-5-december-18-2023) of the Snowflake Connector .NET, which fixes the issue, and we recommend users upgrade to [version 2.1.5](https://docs.snowflake.com/release-notes/clients-drivers/dotnet-2023#version-2-1-5-december-18-2023). Customers continuing to use the impacted versions of the connector should update their insecureMode flag to true. \n\n### Acknowledgement\nSnowflake would like to thank [Timo Vink](https://github.com/TimoVink) for reporting this vulnerability.\n\n### Additional Information\nIf you discover a security vulnerability in one of our products or websites, please report the issue to HackerOne. For more information, please see our [Vulnerability Disclosure Policy](https://hackerone.com/snowflake?type=team).",
"id": "GHSA-hwcc-4cv8-cf3h",
"modified": "2023-12-22T19:51:09Z",
"published": "2023-12-22T19:51:09Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/snowflakedb/snowflake-connector-net/security/advisories/GHSA-hwcc-4cv8-cf3h"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51662"
},
{
"type": "WEB",
"url": "https://github.com/snowflakedb/snowflake-connector-net/commit/49cb77ddd6e18c110eca35aa580e89d73c46cc33"
},
{
"type": "WEB",
"url": "https://docs.snowflake.com/release-notes/clients-drivers/dotnet-2023#version-2-1-5-december-18-2023"
},
{
"type": "PACKAGE",
"url": "https://github.com/snowflakedb/snowflake-connector-net"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)"
}
GHSA-HX2W-HJ9R-4GWR
Vulnerability from github – Published: 2022-05-24 16:53 – Updated: 2024-04-04 01:37The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help.
{
"affected": [],
"aliases": [
"CVE-2019-14516"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-08-13T14:15:00Z",
"severity": "HIGH"
},
"details": "The mAadhaar application 1.2.7 for Android lacks SSL Certificate Validation, leading to man-in-the-middle attacks against requests for FAQs or Help.",
"id": "GHSA-hx2w-hj9r-4gwr",
"modified": "2024-04-04T01:37:27Z",
"published": "2022-05-24T16:53:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14516"
},
{
"type": "WEB",
"url": "https://github.com/fs0c131y/ConPresentations/blob/master/AppSecVillageDefcon27.mAadhaar.pdf"
},
{
"type": "WEB",
"url": "https://play.google.com/store/apps/details?id=in.gov.uidai.mAadhaarPlus\u0026hl=en_US"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HX3X-MQ59-GR7F
Vulnerability from github – Published: 2022-05-17 02:39 – Updated: 2025-04-20 03:39The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2017-9563"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-16T12:29:00Z",
"severity": "MODERATE"
},
"details": "The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-hx3x-mq59-gr7f",
"modified": "2025-04-20T03:39:12Z",
"published": "2022-05-17T02:39:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9563"
},
{
"type": "WEB",
"url": "https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
},
{
"type": "WEB",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-HXCJ-GVXH-8944
Vulnerability from github – Published: 2022-05-24 19:11 – Updated: 2022-05-24 19:11In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.
{
"affected": [],
"aliases": [
"CVE-2021-39358"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-08-22T19:15:00Z",
"severity": "MODERATE"
},
"details": "In GNOME libgfbgraph through 0.2.4, gfbgraph-photo.c does not enable TLS certificate verification on the SoupSessionSync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.",
"id": "GHSA-hxcj-gvxh-8944",
"modified": "2022-05-24T19:11:52Z",
"published": "2022-05-24T19:11:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-39358"
},
{
"type": "WEB",
"url": "https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/libgfbgraph/-/issues/17"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GRCVZUNPTNFQQQCEZVP7RYY6OKHPDBC5"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UYI47UX6S5PAOWVWQ2KID64MCTXTH7SE"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXXAF56BYLSES4UCLXKFCODZXTNAZ2G6"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-HXP5-8PGQ-MGV9
Vulnerability from github – Published: 2021-04-22 16:14 – Updated: 2021-04-21 20:27"HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses this method internally to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using the default JVM truststore."
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.calcite:calcite-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.26.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.calcite:calcite-druid"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.26.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.calcite:calcite-splunk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.26.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-13955"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-21T20:27:19Z",
"nvd_published_at": "2020-10-09T13:15:00Z",
"severity": "MODERATE"
},
"details": "\"HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses this method internally to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using the default JVM truststore.\"",
"id": "GHSA-hxp5-8pgq-mgv9",
"modified": "2021-04-21T20:27:19Z",
"published": "2021-04-22T16:14:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13955"
},
{
"type": "WEB",
"url": "https://github.com/apache/calcite/commit/43eeafcbac29d02c72bd520c003cdfc571de2d15"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/CALCITE-4298"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r0b0fbe2038388175951ce1028182d980f9e9a7328be13d52dab70bb3%40%3Cdev.calcite.apache.org%3E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Missing Authentication for Critical Function in Apache Calcite"
}
GHSA-J357-MFHX-P456
Vulnerability from github – Published: 2022-05-14 03:32 – Updated: 2022-05-14 03:32The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com."
{
"affected": [],
"aliases": [
"CVE-2016-9952"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-03-12T21:29:00Z",
"severity": "HIGH"
},
"details": "The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by \"*.com.\"",
"id": "GHSA-j357-mfhx-p456",
"modified": "2022-05-14T03:32:30Z",
"published": "2022-05-14T03:32:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9952"
},
{
"type": "WEB",
"url": "https://curl.haxx.se/CVE-2016-9952.patch"
},
{
"type": "WEB",
"url": "https://curl.haxx.se/docs/adv_20161221B.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-J396-CQXP-9QRM
Vulnerability from github – Published: 2022-05-17 02:20 – Updated: 2022-05-17 02:20The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2017-2278"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-08-02T16:29:00Z",
"severity": "MODERATE"
},
"details": "The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-j396-cqxp-9qrm",
"modified": "2022-05-17T02:20:07Z",
"published": "2022-05-17T02:20:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2278"
},
{
"type": "WEB",
"url": "https://jvn.jp/en/jp/JVN24238648/index.html"
},
{
"type": "WEB",
"url": "http://www.iid.co.jp/information/170714.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.