CWE-298

Improper Validation of Certificate Expiration

A certificate expiration is not validated or is incorrectly validated.

Mitigation

Phase: Architecture and Design

Description:

  • Check for expired certificates and provide the user with adequate information about the nature of the problem and how to proceed.
Mitigation

Phase: Implementation

Description:

  • If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the expiration.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page