CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-2C7H-C396-X7RF
Vulnerability from github – Published: 2022-05-14 02:19 – Updated: 2022-05-14 02:19WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.
{
"affected": [],
"aliases": [
"CVE-2018-11712"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-04T14:29:00Z",
"severity": "HIGH"
},
"details": "WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification for WebSocket connections.",
"id": "GHSA-2c7h-c396-x7rf",
"modified": "2022-05-14T02:19:45Z",
"published": "2022-05-14T02:19:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11712"
},
{
"type": "WEB",
"url": "https://bugs.webkit.org/show_bug.cgi?id=184804"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201808-04"
},
{
"type": "WEB",
"url": "https://trac.webkit.org/changeset/230886/webkit"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2CGW-C87G-WW8Q
Vulnerability from github – Published: 2022-05-24 19:07 – Updated: 2022-10-27 19:00OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.
{
"affected": [],
"aliases": [
"CVE-2021-3547"
],
"database_specific": {
"cwe_ids": [
"CWE-287",
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-07-12T11:15:00Z",
"severity": "HIGH"
},
"details": "OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration.",
"id": "GHSA-2cgw-c87g-ww8q",
"modified": "2022-10-27T19:00:41Z",
"published": "2022-05-24T19:07:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3547"
},
{
"type": "WEB",
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2021-3547"
},
{
"type": "WEB",
"url": "https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2CH6-M8WH-67F2
Vulnerability from github – Published: 2024-04-10 18:30 – Updated: 2025-11-04 00:30IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316.
{
"affected": [],
"aliases": [
"CVE-2024-31872"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-599"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-10T16:15:15Z",
"severity": "HIGH"
},
"details": "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316.",
"id": "GHSA-2ch6-m8wh-67f2",
"modified": "2025-11-04T00:30:48Z",
"published": "2024-04-10T18:30:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31872"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287316"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7147932"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Nov/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2CP9-2R3X-XX3F
Vulnerability from github – Published: 2026-04-13 09:31 – Updated: 2026-07-07 18:30A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\SYSTEM privileges.
{
"affected": [],
"aliases": [
"CVE-2026-0233"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-13T08:16:22Z",
"severity": "LOW"
},
"details": "A certificate validation vulnerability in Palo Alto Networks Autonomous Digital Experience Manager on Windows allows an unauthenticated attacker with adjacent network access to execute arbitrary code with NT AUTHORITY\\SYSTEM privileges.",
"id": "GHSA-2cp9-2r3x-xx3f",
"modified": "2026-07-07T18:30:26Z",
"published": "2026-04-13T09:31:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0233"
},
{
"type": "WEB",
"url": "https://security.paloaltonetworks.com/CVE-2026-0233"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Green",
"type": "CVSS_V4"
}
]
}
GHSA-2CPX-6PQP-WF35
Vulnerability from github – Published: 2022-07-29 22:24 – Updated: 2025-09-30 16:56Impact
When establishing a server-mode TLSSocket using fs2-io on Node.js, the parameter requestCert = true is ignored, peer certificate verification is skipped, and the connection proceeds.
The vulnerability is limited to:
1. fs2-io running on Node.js. The JVM TLS implementation is completely independent.
2. TLSSockets in server-mode. Client-mode TLSSockets are implemented via a different API.
3. mTLS as enabled via requestCert = true in TLSParameters. The default setting is false for server-mode TLSSockets.
It was introduced with the initial Node.js implementation of fs2-io in v3.1.0.
Patches
A patch is released in v3.2.11. The requestCert = true parameter is respected and the peer certificate is verified. If verification fails, a SSLException is raised.
Workarounds
If using an unpatched version on Node.js, do not use a server-mode TLSSocket with requestCert = true to establish a mTLS connection.
References
- https://github.com/nodejs/node/issues/43994
- https://www.cloudflare.com/learning/access-management/what-is-mutual-tls/
For more information
If you have any questions or comments about this advisory: * Open an issue. * Contact the Typelevel Security Team.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "co.fs2:fs2-io"
},
"ranges": [
{
"events": [
{
"introduced": "3.1.0"
},
{
"fixed": "3.2.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "co.fs2:fs2-io_2.12"
},
"ranges": [
{
"events": [
{
"introduced": "3.1.0"
},
{
"fixed": "3.2.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "co.fs2:fs2-io_3"
},
"ranges": [
{
"events": [
{
"introduced": "3.1.0"
},
{
"fixed": "3.2.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "co.fs2:fs2-io_2.13"
},
"ranges": [
{
"events": [
{
"introduced": "3.1.0"
},
{
"fixed": "3.2.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "co.fs2:fs2-io_sjs1_2.13"
},
"ranges": [
{
"events": [
{
"introduced": "3.1.0"
},
{
"fixed": "3.2.11"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "co.fs2:fs2-io_sjs1_3"
},
"ranges": [
{
"events": [
{
"introduced": "3.1.0"
},
{
"fixed": "3.2.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-31183"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-29T22:24:10Z",
"nvd_published_at": "2022-08-01T20:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nWhen establishing a server-mode `TLSSocket` using `fs2-io` on Node.js, the parameter `requestCert = true` is ignored, peer certificate verification is skipped, and the connection proceeds.\n\nThe vulnerability is limited to:\n1. `fs2-io` running on Node.js. The JVM TLS implementation is completely independent.\n2. `TLSSocket`s in server-mode. Client-mode `TLSSocket`s are implemented via a different API.\n3. mTLS as enabled via `requestCert = true` in `TLSParameters`. The default setting is `false` for server-mode `TLSSocket`s.\n\nIt was introduced with the initial Node.js implementation of fs2-io in v3.1.0.\n\n### Patches\n\nA patch is released in v3.2.11. The `requestCert = true` parameter is respected and the peer certificate is verified. If verification fails, a `SSLException` is raised.\n\n### Workarounds\n\nIf using an unpatched version on Node.js, do not use a server-mode `TLSSocket` with `requestCert = true` to establish a mTLS connection.\n\n### References\n- https://github.com/nodejs/node/issues/43994\n- https://www.cloudflare.com/learning/access-management/what-is-mutual-tls/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* [Open an issue.](https://github.com/typelevel/fs2/issues/new/choose)\n* Contact the [Typelevel Security Team](https://github.com/typelevel/.github/blob/main/SECURITY.md).",
"id": "GHSA-2cpx-6pqp-wf35",
"modified": "2025-09-30T16:56:23Z",
"published": "2022-07-29T22:24:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/typelevel/fs2/security/advisories/GHSA-2cpx-6pqp-wf35"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31183"
},
{
"type": "WEB",
"url": "https://github.com/nodejs/node/issues/43994"
},
{
"type": "WEB",
"url": "https://github.com/typelevel/fs2/commit/19ce392e8093d9571387dbd78e159e655a85aeea"
},
{
"type": "WEB",
"url": "https://github.com/typelevel/fs2/commit/659824395826a314e0a4331535dbf1ef8bef8207"
},
{
"type": "PACKAGE",
"url": "https://github.com/typelevel/fs2"
},
{
"type": "WEB",
"url": "https://github.com/typelevel/fs2/releases/tag/v3.2.11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "fs2-io skips mTLS client verification"
}
GHSA-2CW5-9MW6-623G
Vulnerability from github – Published: 2025-08-14 18:31 – Updated: 2025-08-14 18:31IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.
{
"affected": [],
"aliases": [
"CVE-2025-33142"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-14T16:15:31Z",
"severity": "MODERATE"
},
"details": "IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections.",
"id": "GHSA-2cw5-9mw6-623g",
"modified": "2025-08-14T18:31:28Z",
"published": "2025-08-14T18:31:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-33142"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7242172"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2F9M-X58V-PCQF
Vulnerability from github – Published: 2025-03-14 15:32 – Updated: 2025-03-14 15:32An improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints.
{
"affected": [],
"aliases": [
"CVE-2024-40590"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-14T15:15:41Z",
"severity": "MODERATE"
},
"details": "An\u00a0improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints.",
"id": "GHSA-2f9m-x58v-pcqf",
"modified": "2025-03-14T15:32:04Z",
"published": "2025-03-14T15:32:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40590"
},
{
"type": "WEB",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-155"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2FG7-GVQP-MHCC
Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03An improper following of a certificate's chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.
{
"affected": [],
"aliases": [
"CVE-2021-24012"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-06-02T13:15:00Z",
"severity": "HIGH"
},
"details": "An improper following of a certificate\u0027s chain of trust vulnerability in FortiGate versions 6.4.0 to 6.4.4 may allow an LDAP user to connect to SSLVPN with any certificate that is signed by a trusted Certificate Authority.",
"id": "GHSA-2fg7-gvqp-mhcc",
"modified": "2022-05-24T19:03:54Z",
"published": "2022-05-24T19:03:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-24012"
},
{
"type": "WEB",
"url": "https://fortiguard.com/advisory/FG-IR-21-018"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-2FQF-GFM4-V7PW
Vulnerability from github – Published: 2023-09-19 18:30 – Updated: 2024-04-04 07:44MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.
{
"affected": [],
"aliases": [
"CVE-2023-38356"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-19T16:15:12Z",
"severity": "HIGH"
},
"details": "MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.",
"id": "GHSA-2fqf-gfm4-v7pw",
"modified": "2024-04-04T07:44:28Z",
"published": "2023-09-19T18:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38356"
},
{
"type": "WEB",
"url": "https://0dr3f.github.io/cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2FVQ-8PC8-8468
Vulnerability from github – Published: 2023-09-19 18:30 – Updated: 2024-04-04 07:44MiniTool Movie Maker 6.1.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.
{
"affected": [],
"aliases": [
"CVE-2023-38355"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-09-19T16:15:12Z",
"severity": "HIGH"
},
"details": "MiniTool Movie Maker 6.1.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.",
"id": "GHSA-2fvq-8pc8-8468",
"modified": "2024-04-04T07:44:26Z",
"published": "2023-09-19T18:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38355"
},
{
"type": "WEB",
"url": "https://0dr3f.github.io/cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.