Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1908 vulnerabilities reference this CWE, most recent first.

GHSA-2C7H-C396-X7RF

Vulnerability from github – Published: 2022-05-14 02:19 – Updated: 2022-05-14 02:19
VLAI
Details

WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-11712"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-04T14:29:00Z",
    "severity": "HIGH"
  },
  "details": "WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.",
  "id": "GHSA-2c7h-c396-x7rf",
  "modified": "2022-05-14T02:19:45Z",
  "published": "2022-05-14T02:19:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11712"
    },
    {
      "type": "WEB",
      "url": "https://bugs.webkit.org/show_bug.cgi?id=184804"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201808-04"
    },
    {
      "type": "WEB",
      "url": "https://trac.webkit.org/changeset/230886/webkit"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CGW-C87G-WW8Q

Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-10-27 19:00
VLAI
Details

OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3547"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-07-12T11:15:00Z",
    "severity": "HIGH"
  },
  "details": "OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.",
  "id": "GHSA-2cgw-c87g-ww8q",
  "modified": "2022-10-27T19:00:41Z",
  "published": "2022-05-24T19:07:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3547"
    },
    {
      "type": "WEB",
      "url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"
    },
    {
      "type": "WEB",
      "url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CH6-M8WH-67F2

Vulnerability from github – Published: 2024-04-10 18:30 – Updated: 2025-11-04 00:30
VLAI
Details

IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31872"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295",
      "CWE-599"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-10T16:15:15Z",
    "severity": "HIGH"
  },
  "details": "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation.  IBM X-Force ID:  287316.",
  "id": "GHSA-2ch6-m8wh-67f2",
  "modified": "2025-11-04T00:30:48Z",
  "published": "2024-04-10T18:30:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31872"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287316"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7147932"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2024/Nov/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2CP9-2R3X-XX3F

Vulnerability from github – Published: 2026-04-13 09:31 – Updated: 2026-07-07 18:30
VLAI
Details

A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-0233"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-13T08:16:22Z",
    "severity": "LOW"
  },
  "details": "A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\\SYSTEM  privileges.",
  "id": "GHSA-2cp9-2r3x-xx3f",
  "modified": "2026-07-07T18:30:26Z",
  "published": "2026-04-13T09:31:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0233"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2026-0233"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Green",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-2CPX-6PQP-WF35

Vulnerability from github – Published: 2022-07-29 22:24 – Updated: 2025-09-30 16:56
VLAI
Summary
fs2-io skips mTLS client verification
Details

Impact

When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds.

The vulnerability is limited to: 1. fs2-io running on Node.js. The JVM TLS implementation is completely independent. 2. TLSSockets in server-mode. Client-mode TLSSockets are implemented via a different API. 3. mTLS as enabled via requestCert = true in TLSParameters. The default setting is false for server-mode TLSSockets.

It was introduced with the initial Node.js implementation of fs2-io in v3.1.0.

Patches

A patch is released in v3.2.11. The requestCert = true parameter is respected and the peer certificate is verified. If verification fails, a SSLException is raised.

Workarounds

If using an unpatched version on Node.js, do not use a server-mode TLSSocket with requestCert = true to establish a mTLS connection.

References

  • https://github.com/nodejs/node/issues/43994
  • https://www.cloudflare.com/learning/access-management/what-is-mutual-tls/

For more information

If you have any questions or comments about this advisory: * Open an issue. * Contact the Typelevel Security Team.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "co.fs2:fs2-io"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.2.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "co.fs2:fs2-io_2.12"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.2.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "co.fs2:fs2-io_3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.2.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "co.fs2:fs2-io_2.13"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.2.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "co.fs2:fs2-io_sjs1_2.13"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.2.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "co.fs2:fs2-io_sjs1_3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1.0"
            },
            {
              "fixed": "3.2.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-31183"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-29T22:24:10Z",
    "nvd_published_at": "2022-08-01T20:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nWhen establishing a server-mode `TLSSocket` using `fs2-io` on Node.js, the parameter `requestCert = true` is ignored, peer certificate verification is skipped, and the connection proceeds.\n\nThe vulnerability is limited to:\n1. `fs2-io` running on Node.js. The JVM TLS implementation is completely independent.\n2. `TLSSocket`s in server-mode. Client-mode `TLSSocket`s are implemented via a different API.\n3. mTLS as enabled via `requestCert = true` in `TLSParameters`. The default setting is `false` for server-mode `TLSSocket`s.\n\nIt was introduced with the initial Node.js implementation of fs2-io in v3.1.0.\n\n### Patches\n\nA patch is released in v3.2.11. The `requestCert = true` parameter is respected and the peer certificate is verified. If verification fails, a `SSLException` is raised.\n\n### Workarounds\n\nIf using an unpatched version on Node.js, do not use a server-mode `TLSSocket` with `requestCert = true` to establish a mTLS connection.\n\n### References\n- https://github.com/nodejs/node/issues/43994\n- https://www.cloudflare.com/learning/access-management/what-is-mutual-tls/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* [Open an issue.](https://github.com/typelevel/fs2/issues/new/choose)\n* Contact the [Typelevel Security Team](https://github.com/typelevel/.github/blob/main/SECURITY.md).",
  "id": "GHSA-2cpx-6pqp-wf35",
  "modified": "2025-09-30T16:56:23Z",
  "published": "2022-07-29T22:24:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/typelevel/fs2/security/advisories/GHSA-2cpx-6pqp-wf35"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31183"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nodejs/node/issues/43994"
    },
    {
      "type": "WEB",
      "url": "https://github.com/typelevel/fs2/commit/19ce392e8093d9571387dbd78e159e655a85aeea"
    },
    {
      "type": "WEB",
      "url": "https://github.com/typelevel/fs2/commit/659824395826a314e0a4331535dbf1ef8bef8207"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/typelevel/fs2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/typelevel/fs2/releases/tag/v3.2.11"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "fs2-io skips mTLS client verification"
}

GHSA-2CW5-9MW6-623G

Vulnerability from github – Published: 2025-08-14 18:31 – Updated: 2025-08-14 18:31
VLAI
Details

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-33142"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-14T16:15:31Z",
    "severity": "MODERATE"
  },
  "details": "IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.",
  "id": "GHSA-2cw5-9mw6-623g",
  "modified": "2025-08-14T18:31:28Z",
  "published": "2025-08-14T18:31:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33142"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7242172"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2F9M-X58V-PCQF

Vulnerability from github – Published: 2025-03-14 15:32 – Updated: 2025-03-14 15:32
VLAI
Details

An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-40590"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-14T15:15:41Z",
    "severity": "MODERATE"
  },
  "details": "An\u00a0improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints.",
  "id": "GHSA-2f9m-x58v-pcqf",
  "modified": "2025-03-14T15:32:04Z",
  "published": "2025-03-14T15:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40590"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-155"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2FG7-GVQP-MHCC

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03
VLAI
Details

An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-24012"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-06-02T13:15:00Z",
    "severity": "HIGH"
  },
  "details": "An improper following of a certificate\u0027s chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.",
  "id": "GHSA-2fg7-gvqp-mhcc",
  "modified": "2022-05-24T19:03:54Z",
  "published": "2022-05-24T19:03:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24012"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.com/advisory/FG-IR-21-018"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-2FQF-GFM4-V7PW

Vulnerability from github – Published: 2023-09-19 18:30 – Updated: 2024-04-04 07:44
VLAI
Details

MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38356"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-19T16:15:12Z",
    "severity": "HIGH"
  },
  "details": "MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.",
  "id": "GHSA-2fqf-gfm4-v7pw",
  "modified": "2024-04-04T07:44:28Z",
  "published": "2023-09-19T18:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38356"
    },
    {
      "type": "WEB",
      "url": "https://0dr3f.github.io/cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2FVQ-8PC8-8468

Vulnerability from github – Published: 2023-09-19 18:30 – Updated: 2024-04-04 07:44
VLAI
Details

MiniTool Movie Maker 6.1.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-38355"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-19T16:15:12Z",
    "severity": "HIGH"
  },
  "details": "MiniTool Movie Maker 6.1.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.",
  "id": "GHSA-2fvq-8pc8-8468",
  "modified": "2024-04-04T07:44:26Z",
  "published": "2023-09-19T18:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38355"
    },
    {
      "type": "WEB",
      "url": "https://0dr3f.github.io/cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.