Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1908 vulnerabilities reference this CWE, most recent first.

GHSA-2FVW-PPFC-CM77

Vulnerability from github – Published: 2023-10-09 12:30 – Updated: 2024-04-04 08:26
VLAI
Details

In JetBrains Ktor before 2.3.5 server certificates were not verified

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-45613"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-09T11:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "In JetBrains Ktor before 2.3.5 server certificates were not verified",
  "id": "GHSA-2fvw-ppfc-cm77",
  "modified": "2024-04-04T08:26:01Z",
  "published": "2023-10-09T12:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45613"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2G28-JXX8-MJ9H

Vulnerability from github – Published: 2022-05-14 03:07 – Updated: 2025-04-20 03:46
VLAI
Details

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-1000097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-05T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "On Darwin, user\u0027s trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.",
  "id": "GHSA-2g28-jxx8-mj9h",
  "modified": "2025-04-20T03:46:19Z",
  "published": "2022-05-14T03:07:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000097"
    },
    {
      "type": "WEB",
      "url": "https://github.com/golang/go/issues/18141"
    },
    {
      "type": "WEB",
      "url": "https://go-review.googlesource.com/c/33721"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/forum/#%21msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2H32-H397-QGV2

Vulnerability from github – Published: 2023-12-12 15:30 – Updated: 2023-12-14 21:31
VLAI
Details

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-12614"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-12T15:15:07Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.",
  "id": "GHSA-2h32-h397-qgv2",
  "modified": "2023-12-14T21:31:15Z",
  "published": "2023-12-12T15:30:59Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12614"
    },
    {
      "type": "WEB",
      "url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
    },
    {
      "type": "WEB",
      "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2H34-774G-95VX

Vulnerability from github – Published: 2022-05-17 00:35 – Updated: 2022-05-17 00:35
VLAI
Details

The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-3420"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-09-19T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.",
  "id": "GHSA-2h34-774g-95vx",
  "modified": "2022-05-17T00:35:10Z",
  "published": "2022-05-17T00:35:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3420"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216057"
    },
    {
      "type": "WEB",
      "url": "https://dovecot.org/pipermail/dovecot-news/2015-May/000292.html"
    },
    {
      "type": "WEB",
      "url": "https://dovecot.org/pipermail/dovecot/2015-April/100618.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157030.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158236.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158261.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/27/1"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/28/4"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/74335"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2H95-4XW9-M68J

Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2024-01-09 17:59
VLAI
Summary
Jenkins Active Directory Plugin Improper certificate validation with StartTLS
Details

An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.10"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:active-directory"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-1003009"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-09T17:59:20Z",
    "nvd_published_at": "2019-02-06T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS.",
  "id": "GHSA-2h95-4xw9-m68j",
  "modified": "2024-01-09T17:59:20Z",
  "published": "2022-05-13T01:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1003009"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jenkinsci/active-directory-plugin/commit/520faf5bb1078d75e5fed10b7bf5ac6241fe2fc4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/active-directory-plugin"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-859"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Jenkins Active Directory Plugin Improper certificate validation with StartTLS"
}

GHSA-2HFG-HGHR-46WQ

Vulnerability from github – Published: 2023-02-07 00:30 – Updated: 2025-03-26 21:30
VLAI
Details

BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-46496"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-02-06T23:15:00Z",
    "severity": "MODERATE"
  },
  "details": "BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.",
  "id": "GHSA-2hfg-hghr-46wq",
  "modified": "2025-03-26T21:30:50Z",
  "published": "2023-02-07T00:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46496"
    },
    {
      "type": "WEB",
      "url": "https://labs.integrity.pt/advisories/cve-2022-46496"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2HGG-G6CR-365F

Vulnerability from github – Published: 2025-05-16 21:32 – Updated: 2025-05-17 03:30
VLAI
Details

Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identity of the server. It negates the use of HTTPS as a secure channel, allowing for Man-in-the-Middle attacks, stealing sensitive information or modifying incoming and outgoing traffic. NOTE: This vulnerability is in an end-of-life product that is no longer maintained by the vendor.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-32407"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-16T21:15:35Z",
    "severity": "MODERATE"
  },
  "details": "Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identity of the server. It negates the use of HTTPS as a secure channel, allowing for Man-in-the-Middle attacks, stealing sensitive information or modifying incoming and outgoing traffic. NOTE: This vulnerability is in an end-of-life product that is no longer maintained by the vendor.",
  "id": "GHSA-2hgg-g6cr-365f",
  "modified": "2025-05-17T03:30:32Z",
  "published": "2025-05-16T21:32:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32407"
    },
    {
      "type": "WEB",
      "url": "https://github.com/diegovargasj/CVE-2025-32407"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2J5Q-9JW8-9QJ5

Vulnerability from github – Published: 2026-07-01 18:31 – Updated: 2026-07-01 18:31
VLAI
Details

A vulnerability was discovered on Stormshield Network Security 4.3.0  to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included)

A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8480"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-01T16:16:53Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was discovered on Stormshield Network Security 4.3.0\u00a0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included)\n\n\n\nA revoked client certificate can still be used to authenticate to the captive\u2011admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.",
  "id": "GHSA-2j5q-9jw8-9qj5",
  "modified": "2026-07-01T18:31:51Z",
  "published": "2026-07-01T18:31:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8480"
    },
    {
      "type": "WEB",
      "url": "https://advisories.stormshield.eu/2026-002"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-2J5W-CWC3-8HXW

Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2022-11-01 22:49
VLAI
Summary
Improper Certificate Validation in Jenkins Spira Importer Plugin
Details

Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "com.inflectra.spiratest.plugins:inflectra-spira-integration"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.2.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-16558"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-01T22:49:48Z",
    "nvd_published_at": "2019-12-17T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM.",
  "id": "GHSA-2j5w-cwc3-8hxw",
  "modified": "2022-11-01T22:49:48Z",
  "published": "2022-05-24T17:03:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16558"
    },
    {
      "type": "WEB",
      "url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1580"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Certificate Validation in Jenkins Spira Importer Plugin"
}

GHSA-2J9R-F764-3C88

Vulnerability from github – Published: 2022-05-17 02:28 – Updated: 2025-04-20 03:39
VLAI
Details

The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app before 3.2.0 -- aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9599"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-16T12:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The \"Fountain Trust Mobile Banking\" by FOUNTAIN TRUST COMPANY app before 3.2.0 -- aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
  "id": "GHSA-2j9r-f764-3c88",
  "modified": "2025-04-20T03:39:14Z",
  "published": "2022-05-17T02:28:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9599"
    },
    {
      "type": "WEB",
      "url": "https://itunes.apple.com/us/app/fountain-trust-mobile-banking/id891343006"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.