Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1908 vulnerabilities reference this CWE, most recent first.

GHSA-J6GH-W55P-C22W

Vulnerability from github – Published: 2024-07-09 21:30 – Updated: 2024-08-19 15:31
VLAI
Details

An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-37865"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-09T21:15:14Z",
    "severity": "MODERATE"
  },
  "details": "An issue in S3Browser v.11.4.5 and v.10.9.9 and fixed in v.11.5.7 allows a remote attacker to obtain sensitive information via the S3 compatible storage component.",
  "id": "GHSA-j6gh-w55p-c22w",
  "modified": "2024-08-19T15:31:34Z",
  "published": "2024-07-09T21:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37865"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/iTrooz/629bd30cfa09cc527a0859e8cca83a4b"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J6J8-V7G3-3X5W

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2025-04-20 03:37
VLAI
Details

Acceptance of invalid/self-signed TLS certificates in "Panda Mobile Security" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-8060"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-05-05T07:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Acceptance of invalid/self-signed TLS certificates in \"Panda Mobile Security\" 1.1 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.",
  "id": "GHSA-j6j8-v7g3-3x5w",
  "modified": "2025-04-20T03:37:14Z",
  "published": "2022-05-13T01:06:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8060"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/%40chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@chronic_9612/follow-up-76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-64185035029f"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/98327"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J6W9-R3HX-F366

Vulnerability from github – Published: 2024-10-08 18:33 – Updated: 2024-10-08 18:33
VLAI
Details

Windows Secure Channel Spoofing Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-43550"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-10-08T18:15:20Z",
    "severity": "HIGH"
  },
  "details": "Windows Secure Channel Spoofing Vulnerability",
  "id": "GHSA-j6w9-r3hx-f366",
  "modified": "2024-10-08T18:33:16Z",
  "published": "2024-10-08T18:33:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43550"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43550"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J6X8-V233-X3MM

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-08-06 00:00
VLAI
Details

Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using DNS spoofing attack and a device initiated remote port-forward channel can be used to connect to the web management interface. Knowledge of authorization credentials to the management interface is required to perform any further actions.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20989"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295",
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-19T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH connections to the Fibaro cloud to provide remote access and remote support capabilities. This connection can be intercepted using DNS spoofing attack and a device initiated remote port-forward channel can be used to connect to the web management interface. Knowledge of authorization credentials to the management interface is required to perform any further actions.",
  "id": "GHSA-j6x8-v233-x3mm",
  "modified": "2022-08-06T00:00:41Z",
  "published": "2022-05-24T17:47:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20989"
    },
    {
      "type": "WEB",
      "url": "https://www.iot-inspector.com/blog/advisory-fibaro-home-center"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/162243/Fibaro-Home-Center-MITM-Missing-Authentication-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Apr/27"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J7XG-5549-JR3J

Vulnerability from github – Published: 2022-03-25 00:00 – Updated: 2022-04-01 20:09
VLAI
Summary
Improper Certificate Validation in OWASP ZAP
Details

OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.zaproxy:zap"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.11.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-27820"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-01T20:09:29Z",
    "nvd_published_at": "2022-03-24T04:15:00Z",
    "severity": "MODERATE"
  },
  "details": "OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server.",
  "id": "GHSA-j7xg-5549-jr3j",
  "modified": "2022-04-01T20:09:29Z",
  "published": "2022-03-25T00:00:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27820"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zaproxy/zaproxy/issues/7165"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zaproxy/zaproxy/releases"
    },
    {
      "type": "WEB",
      "url": "https://www.openwall.com/lists/oss-security/2022/03/23/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/03/24/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Certificate Validation in OWASP ZAP"
}

GHSA-J8FR-767F-7H52

Vulnerability from github – Published: 2026-02-11 18:31 – Updated: 2026-02-11 18:31
VLAI
Details

An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-0228"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-11T18:16:07Z",
    "severity": "LOW"
  },
  "details": "An improper certificate validation vulnerability in PAN-OS allows users to connect Terminal Server Agents on Windows to PAN-OS using expired certificates even if the PAN-OS configuration would not normally permit them to do so.",
  "id": "GHSA-j8fr-767f-7h52",
  "modified": "2026-02-11T18:31:31Z",
  "published": "2026-02-11T18:31:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0228"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2026-0228"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Amber",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-J8P3-7FHR-GHV2

Vulnerability from github – Published: 2022-05-24 17:48 – Updated: 2022-05-24 17:48
VLAI
Details

Improper following of a certificate's chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-20695"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-26T01:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper following of a certificate\u0027s chain of trust vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to gain root privileges via unspecified vectors.",
  "id": "GHSA-j8p3-7fhr-ghv2",
  "modified": "2022-05-24T17:48:47Z",
  "published": "2022-05-24T17:48:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20695"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/vu/JVNVU92898656/index.html"
    },
    {
      "type": "WEB",
      "url": "https://www.dlink-jp.com/support/release/jvnvu92898656_dap-1880ac.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J9XF-76VV-4WCG

Vulnerability from github – Published: 2022-05-11 00:00 – Updated: 2025-10-22 00:32
VLAI
Details

Active Directory Domain Services Elevation of Privilege Vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-26923"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-10T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Active Directory Domain Services Elevation of Privilege Vulnerability.",
  "id": "GHSA-j9xf-76vv-4wcg",
  "modified": "2025-10-22T00:32:32Z",
  "published": "2022-05-11T00:00:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26923"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-26923"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-26923"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-26923"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JC26-4CGX-755J

Vulnerability from github – Published: 2022-05-17 02:48 – Updated: 2022-05-17 02:48
VLAI
Details

Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2013-7450"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-03T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "Pulp before 2.3.0 uses the same the same certificate authority key and certificate for all installations.",
  "id": "GHSA-jc26-4cgx-755j",
  "modified": "2022-05-17T02:48:18Z",
  "published": "2022-05-17T02:48:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7450"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pulp/pulp/pull/627"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1003326"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1328345"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/04/18/11"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/04/18/5"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/05/20/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JC8G-XHW5-6X46

Vulnerability from github – Published: 2018-10-16 19:59 – Updated: 2022-07-07 21:42
VLAI
Summary
Improper Certificate Validation in Microsoft .NET Framework components
Details

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka ".NET Security Feature Bypass Vulnerability."

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.NETCore.UniversalWindowsPlatform"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.2.0"
            },
            {
              "fixed": "5.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.NETCore.UniversalWindowsPlatform"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.3.0"
            },
            {
              "fixed": "5.3.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.NETCore.UniversalWindowsPlatform"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.4.0"
            },
            {
              "fixed": "5.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.NETCore.UniversalWindowsPlatform"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.0.0"
            },
            {
              "fixed": "6.0.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.ServiceModel.Primitives"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.4.0"
            },
            {
              "fixed": "4.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.4.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.ServiceModel.Primitives"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3.0"
            },
            {
              "fixed": "4.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.3.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.ServiceModel.Primitives"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.0"
            },
            {
              "fixed": "4.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.1.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.ServiceModel.Http"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.4.0"
            },
            {
              "fixed": "4.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.4.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.ServiceModel.Http"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3.0"
            },
            {
              "fixed": "4.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.3.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.ServiceModel.Http"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.0"
            },
            {
              "fixed": "4.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.1.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.ServiceModel.NetTcp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.4.0"
            },
            {
              "fixed": "4.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.4.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.ServiceModel.NetTcp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3.0"
            },
            {
              "fixed": "4.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.3.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.ServiceModel.NetTcp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.0"
            },
            {
              "fixed": "4.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.1.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.ServiceModel.Duplex"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.4.0"
            },
            {
              "fixed": "4.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.4.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.ServiceModel.Duplex"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3.0"
            },
            {
              "fixed": "4.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.3.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.ServiceModel.Duplex"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.1"
            },
            {
              "fixed": "4.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.0.1"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.ServiceModel.Security"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.4.0"
            },
            {
              "fixed": "4.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.4.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.ServiceModel.Security"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3.0"
            },
            {
              "fixed": "4.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.3.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.ServiceModel.Security"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.1"
            },
            {
              "fixed": "4.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.0.1"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.Private.ServiceModel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.4.0"
            },
            {
              "fixed": "4.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.4.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.Private.ServiceModel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3.0"
            },
            {
              "fixed": "4.3.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.3.0"
      ]
    },
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "System.Private.ServiceModel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.1.0"
            },
            {
              "fixed": "4.1.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "4.1.0"
      ]
    }
  ],
  "aliases": [
    "CVE-2018-0786"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:43:03Z",
    "nvd_published_at": "2018-01-10T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\"",
  "id": "GHSA-jc8g-xhw5-6x46",
  "modified": "2022-07-07T21:42:15Z",
  "published": "2018-10-16T19:59:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0786"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dotnet/announcements/issues/51"
    },
    {
      "type": "WEB",
      "url": "https://github.com/github/advisory-database/issues/302"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-jc8g-xhw5-6x46"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786"
    },
    {
      "type": "WEB",
      "url": "https://www.nuget.org/packages/System.ServiceModel.Duplex#versions-body-tab"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Certificate Validation in Microsoft .NET Framework components"
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.