CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-232R-9JVP-5FFJ
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2024-04-04 02:37European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected.
{
"affected": [],
"aliases": [
"CVE-2019-18633"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-10-30T22:15:00Z",
"severity": "CRITICAL"
},
"details": "European Commission eIDAS-Node Integration Package before 2.3.1 has Missing Certificate Validation because a certain ExplicitKeyTrustEvaluator return value is not checked. NOTE: only 2.1 is confirmed to be affected.",
"id": "GHSA-232r-9jvp-5ffj",
"modified": "2024-04-04T02:37:10Z",
"published": "2022-05-24T17:00:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18633"
},
{
"type": "WEB",
"url": "https://sec-consult.com/en/blog/advisories/15587"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2339-F8X6-MHV4
Vulnerability from github – Published: 2022-04-23 00:40 – Updated: 2024-04-03 23:51nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.
{
"affected": [],
"aliases": [
"CVE-2012-6071"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-19T17:15:00Z",
"severity": "HIGH"
},
"details": "nuSOAP before 0.7.3-5 does not properly check the hostname of a cert.",
"id": "GHSA-2339-f8x6-mhv4",
"modified": "2024-04-03T23:51:48Z",
"published": "2022-04-23T00:40:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6071"
},
{
"type": "WEB",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696707"
},
{
"type": "WEB",
"url": "https://security-tracker.debian.org/tracker/CVE-2012-6071"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/12/27/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/01/15/6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-23C2-W636-5RHM
Vulnerability from github – Published: 2022-05-24 16:44 – Updated: 2023-10-26 21:52Jenkins SiteMonitor Plugin unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM.
SiteMonitor Plugin no longer does that. Instead, it now has an opt-in option to ignore SSL/TLS errors for each site check individually.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.5"
},
"package": {
"ecosystem": "Maven",
"name": "org.jvnet.hudson.plugins:sitemonitor"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-10317"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2023-10-26T21:52:42Z",
"nvd_published_at": "2019-04-30T13:29:00Z",
"severity": "MODERATE"
},
"details": "Jenkins SiteMonitor Plugin unconditionally disables SSL/TLS certificate validation for the entire Jenkins controller JVM.\n\nSiteMonitor Plugin no longer does that. Instead, it now has an opt-in option to ignore SSL/TLS errors for each site check individually.",
"id": "GHSA-23c2-w636-5rhm",
"modified": "2023-10-26T21:52:42Z",
"published": "2022-05-24T16:44:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10317"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2019-04-30/#SECURITY-930"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200227073756/http://www.securityfocus.com/bid/108159"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/04/30/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins SiteMonitor Plugin globally and unconditionally disables SSL/TLS certificate validation "
}
GHSA-248X-4C3J-HCG7
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2025-06-09 18:31Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file".
{
"affected": [],
"aliases": [
"CVE-2018-1000500"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-26T16:29:00Z",
"severity": "HIGH"
},
"details": "Busybox contains a Missing SSL certificate validation vulnerability in The \"busybox wget\" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using \"busybox wget https://compromised-domain.com/important-file\".",
"id": "GHSA-248x-4c3j-hcg7",
"modified": "2025-06-09T18:31:56Z",
"published": "2022-05-13T01:16:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000500"
},
{
"type": "WEB",
"url": "https://git.busybox.net/busybox/commit/?id=45fa3f18adf57ef9d743038743d9c90573aeeb91"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4531-1"
},
{
"type": "WEB",
"url": "http://lists.busybox.net/pipermail/busybox/2018-May/086462.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-24JX-JXXH-QRW7
Vulnerability from github – Published: 2022-05-14 03:46 – Updated: 2022-05-14 03:46The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2018-5258"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-17T17:29:00Z",
"severity": "MODERATE"
},
"details": "The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-24jx-jxxh-qrw7",
"modified": "2022-05-14T03:46:40Z",
"published": "2022-05-14T03:46:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5258"
},
{
"type": "WEB",
"url": "https://gist.github.com/rlaneth/d2203c206d5d5acbdaf6069e78b1d07f"
},
{
"type": "WEB",
"url": "https://radialle.com/cve-2018-5258-writeup-aplicativo-do-banco-neon-para-ios-n%C3%A3o-valida-certificados-ssl-84bed0b0cecb"
},
{
"type": "WEB",
"url": "https://www.tecmundo.com.br/seguranca/126192-banco-neon-falha-permite-hacker-acesse-conta-roube-dados-clientes.htm"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-24VX-5H6H-8Q7M
Vulnerability from github – Published: 2026-05-21 18:33 – Updated: 2026-05-21 18:33Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for general-purpose outbound HTTPS requests issued by the shared helper functions. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit.
{
"affected": [],
"aliases": [
"CVE-2026-48247"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-21T18:16:21Z",
"severity": "HIGH"
},
"details": "Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting CURLOPT_SSL_VERIFYHOST) when issuing outbound HTTPS requests for general-purpose outbound HTTPS requests issued by the shared helper functions. An attacker positioned on the network path between the server and the remote endpoint can present a forged certificate to intercept, monitor, or modify the request and response, including any API keys or session-bearing data in transit.",
"id": "GHSA-24vx-5h6h-8q7m",
"modified": "2026-05-21T18:33:15Z",
"published": "2026-05-21T18:33:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-48247"
},
{
"type": "WEB",
"url": "https://github.com/openises/tickets/commit/ecfeb406a016766cae81c749e14b5145a9f2dbff"
},
{
"type": "WEB",
"url": "https://github.com/openises/tickets/releases/tag/v3.44.2"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/open-ises-tickets-disabled-tls-certificate-verification-in-incs-functions-inc-php"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-255V-QV84-29P5
Vulnerability from github – Published: 2025-09-17 20:11 – Updated: 2025-09-26 16:19Impact
A peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not validate if the requested IP addresses “belong to” the peer requesting the certificate—that is, if the peer connects from the same IP address as the one provided in the certificate request.
if addr, ok := p.Addr.(*net.TCPAddr); ok {
ip = addr.IP.String()
} else {
ip, _, err = net.SplitHostPort(p.Addr.String())
if err != nil {
return nil, err
}
}
// Parse csr.
[skipped]
// Check csr signature.
// TODO check csr common name and so on.
if err = csr.CheckSignature(); err != nil {
return nil, err
}
[skipped]
// TODO only valid for peer ip
// BTW we need support both of ipv4 and ipv6.
ips := csr.IPAddresses
if len(ips) == 0 {
// Add default connected ip.
ips = []net.IP{net.ParseIP(ip)}
}
Patches
- Dragonfy v2.1.0 and above.
Workarounds
There are no effective workarounds, beyond upgrading.
References
A third party security audit was performed by Trail of Bits, you can see the full report.
If you have any questions or comments about this advisory, please email us at dragonfly-maintainers@googlegroups.com.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/dragonflyoss/dragonfly"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "d7y.io/dragonfly/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59353"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-17T20:11:37Z",
"nvd_published_at": "2025-09-17T20:15:37Z",
"severity": "HIGH"
},
"details": "### Impact\nA peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager\u2019s Certificate gRPC service does not validate if the requested IP addresses \u201cbelong to\u201d the peer requesting the certificate\u2014that is, if the peer connects from the same IP address as the one provided in the certificate request.\n\n```golang\nif addr, ok := p.Addr.(*net.TCPAddr); ok {\n ip = addr.IP.String()\n} else {\n ip, _, err = net.SplitHostPort(p.Addr.String())\n if err != nil {\n return nil, err\n }\n}\n// Parse csr.\n[skipped]\n// Check csr signature.\n// TODO check csr common name and so on.\nif err = csr.CheckSignature(); err != nil {\n return nil, err\n}\n[skipped]\n// TODO only valid for peer ip\n// BTW we need support both of ipv4 and ipv6.\nips := csr.IPAddresses\nif len(ips) == 0 {\n // Add default connected ip.\n ips = []net.IP{net.ParseIP(ip)}\n}\n```\n### Patches\n\n- Dragonfy v2.1.0 and above.\n\n### Workarounds\n\nThere are no effective workarounds, beyond upgrading.\n\n### References\n\nA third party security audit was performed by Trail of Bits, you can see the [full report](https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf).\n\nIf you have any questions or comments about this advisory, please email us at [dragonfly-maintainers@googlegroups.com](mailto:dragonfly-maintainers@googlegroups.com).",
"id": "GHSA-255v-qv84-29p5",
"modified": "2025-09-26T16:19:18Z",
"published": "2025-09-17T20:11:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-255v-qv84-29p5"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59353"
},
{
"type": "PACKAGE",
"url": "https://github.com/dragonflyoss/dragonfly"
},
{
"type": "WEB",
"url": "https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3969"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "DragonFly\u0027s manager generates mTLS certificates for arbitrary IP addresses"
}
GHSA-25GF-8QRR-G78R
Vulnerability from github – Published: 2021-07-19 21:21 – Updated: 2022-08-11 20:43HashiCorp Consul before 1.10.1 (and Consul Enterprise) has Missing SSL Certificate Validation. xds does not ensure that the Subject Alternative Name of an upstream is validated.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/consul"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.10.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-32574"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2021-07-19T17:36:42Z",
"nvd_published_at": "2021-07-17T18:15:00Z",
"severity": "HIGH"
},
"details": "HashiCorp Consul before 1.10.1 (and Consul Enterprise) has Missing SSL Certificate Validation. xds does not ensure that the Subject Alternative Name of an upstream is validated.",
"id": "GHSA-25gf-8qrr-g78r",
"modified": "2022-08-11T20:43:48Z",
"published": "2021-07-19T21:21:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32574"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856"
},
{
"type": "WEB",
"url": "https://github.com/hashicorp/consul/releases/tag/v1.10.1"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-09"
},
{
"type": "WEB",
"url": "https://www.hashicorp.com/blog/category/consul"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Hashicorp Consul Missing SSL Certificate Validation"
}
GHSA-25VQ-3GFH-MVJ7
Vulnerability from github – Published: 2022-05-13 01:35 – Updated: 2022-05-13 01:35A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps. The vulnerability is due to incorrect verification of the SSL Client Certificate. An attacker could exploit this vulnerability by connecting to the ASA VPN without a proper private key and certificate pair. A successful exploit could allow the attacker to establish an SSL VPN connection to the ASA when the connection should have been rejected. This vulnerability affects Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliances (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliances (ASAv), Firepower 4110 Security Appliances, Firepower 9300 ASA Security Modules. Cisco Bug IDs: CSCvg40155.
{
"affected": [],
"aliases": [
"CVE-2018-0227"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-19T20:29:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps. The vulnerability is due to incorrect verification of the SSL Client Certificate. An attacker could exploit this vulnerability by connecting to the ASA VPN without a proper private key and certificate pair. A successful exploit could allow the attacker to establish an SSL VPN connection to the ASA when the connection should have been rejected. This vulnerability affects Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliances (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliances (ASAv), Firepower 4110 Security Appliances, Firepower 9300 ASA Security Modules. Cisco Bug IDs: CSCvg40155.",
"id": "GHSA-25vq-3gfh-mvj7",
"modified": "2022-05-13T01:35:33Z",
"published": "2022-05-13T01:35:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0227"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-184-01"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asa1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104018"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040723"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-26Q9-378G-G2F7
Vulnerability from github – Published: 2023-11-13 18:30 – Updated: 2023-11-13 18:30Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information.
{
"affected": [],
"aliases": [
"CVE-2023-42532"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-07T08:15:15Z",
"severity": "HIGH"
},
"details": "Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information.",
"id": "GHSA-26q9-378g-g2f7",
"modified": "2023-11-13T18:30:59Z",
"published": "2023-11-13T18:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42532"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.