CWE-297
Improper Validation of Certificate with Host Mismatch
The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.
Mitigation
Phase: Architecture and Design
Description:
- Fully check the hostname of the certificate and provide the user with adequate information about the nature of the problem and how to proceed.
Mitigation
Phase: Implementation
Description:
- If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
No CAPEC attack patterns related to this CWE.