CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-PM3J-6F7C-8V2Q
Vulnerability from github – Published: 2025-01-10 18:31 – Updated: 2025-01-13 21:30Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks.
{
"affected": [],
"aliases": [
"CVE-2024-54848"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-10T17:15:17Z",
"severity": "HIGH"
},
"details": "Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks.",
"id": "GHSA-pm3j-6f7c-8v2q",
"modified": "2025-01-13T21:30:52Z",
"published": "2025-01-10T18:31:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21551"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-54848"
},
{
"type": "WEB",
"url": "https://capec.mitre.org/data/definitions/233"
},
{
"type": "WEB",
"url": "https://github.com/Yashodhanvivek/CP-VNR-3104-NVR-Vulnerabilties/blob/main/CPPlus_CP-VNR-3104_Security_Assessment.pdf"
},
{
"type": "WEB",
"url": "https://payatu.com/blog/solving-the-problem-of-encrypted-firmware"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PM77-C4Q7-3FWJ
Vulnerability from github – Published: 2021-10-12 16:31 – Updated: 2021-10-08 22:58Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "globalpayments/php-sdk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-20455"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2021-10-08T22:58:55Z",
"nvd_published_at": "2020-02-14T16:15:00Z",
"severity": "MODERATE"
},
"details": "Gateways/Gateway.php in Heartland \u0026 Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations.",
"id": "GHSA-pm77-c4q7-3fwj",
"modified": "2021-10-08T22:58:55Z",
"published": "2021-10-12T16:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-20455"
},
{
"type": "WEB",
"url": "https://github.com/globalpayments/php-sdk/pull/8"
},
{
"type": "WEB",
"url": "https://github.com/globalpayments/php-sdk/pull/8/commits/c86e18f28c5eba0d6ede7d557756d978ea83d3c9"
},
{
"type": "PACKAGE",
"url": "https://github.com/globalpayments/php-sdk"
},
{
"type": "WEB",
"url": "https://github.com/globalpayments/php-sdk/compare/1.3.3...2.0.0"
},
{
"type": "WEB",
"url": "https://github.com/globalpayments/php-sdk/releases/tag/2.0.0"
},
{
"type": "WEB",
"url": "https://winterdragon.ca/global-payments-vulnerability"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Certificate Validation in Heartland \u0026 Global Payments PHP SDK"
}
GHSA-PM7C-VG9H-JXXC
Vulnerability from github – Published: 2022-05-02 03:35 – Updated: 2024-02-14 18:30Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
{
"affected": [],
"aliases": [
"CVE-2009-2408"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2009-07-30T19:30:00Z",
"severity": "MODERATE"
},
"details": "Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.",
"id": "GHSA-pm7c-vg9h-jxxc",
"modified": "2024-02-14T18:30:24Z",
"published": "2022-05-02T03:35:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2408"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=510251"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10751"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8458"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/810-2"
},
{
"type": "WEB",
"url": "http://isc.sans.org/diary.html?storyid=7003"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=oss-security\u0026m=125198917018936\u0026w=2"
},
{
"type": "WEB",
"url": "http://osvdb.org/56723"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36088"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36125"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36139"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36157"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36434"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/36669"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/37098"
},
{
"type": "WEB",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021030.1-1"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2009/dsa-1874"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:197"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:216"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:217"
},
{
"type": "WEB",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-42.html"
},
{
"type": "WEB",
"url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html"
},
{
"type": "WEB",
"url": "http://www.openldap.org/devel/cvsweb.cgi/libraries/libldap/tls_m.c.diff?r1=1.8\u0026r2=1.11\u0026f=h"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1207.html"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id?1022632"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/usn-810-1"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/2085"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"type": "WEB",
"url": "http://www.wired.com/threatlevel/2009/07/kaminsky"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PMG3-799Q-7MHW
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,
{
"affected": [],
"aliases": [
"CVE-2021-3309"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-26T21:15:00Z",
"severity": "HIGH"
},
"details": "packages/wekan-ldap/server/ldap.js in Wekan before 4.87 can process connections even though they are not authorized by the Certification Authority trust store,",
"id": "GHSA-pmg3-799q-7mhw",
"modified": "2022-05-24T17:40:24Z",
"published": "2022-05-24T17:40:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3309"
},
{
"type": "WEB",
"url": "https://github.com/wekan/wekan/issues/3482"
},
{
"type": "WEB",
"url": "https://github.com/wekan/wekan/pull/3483/commits/31f89121fecca5a761b05cc3a26d4f237e90b484"
},
{
"type": "WEB",
"url": "https://github.com/wekan/wekan/releases/tag/v4.87"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-PPFQ-JG49-MQJ4
Vulnerability from github – Published: 2025-05-28 09:31 – Updated: 2025-05-28 15:34libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.
{
"affected": [],
"aliases": [
"CVE-2025-4947"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-28T07:15:24Z",
"severity": "MODERATE"
},
"details": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.",
"id": "GHSA-ppfq-jg49-mqj4",
"modified": "2025-05-28T15:34:32Z",
"published": "2025-05-28T09:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4947"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/3150884"
},
{
"type": "WEB",
"url": "https://curl.se/docs/CVE-2025-4947.html"
},
{
"type": "WEB",
"url": "https://curl.se/docs/CVE-2025-4947.json"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/05/28/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PPG5-72HH-9JJ4
Vulnerability from github – Published: 2022-05-14 01:17 – Updated: 2022-05-14 01:17When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2017-15698"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-31T14:29:00Z",
"severity": "MODERATE"
},
"details": "When parsing the AIA-Extension field of a client certificate, Apache Tomcat Native Connector 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34 did not correctly handle fields longer than 127 bytes. The result of the parsing error was to skip the OCSP check. It was therefore possible for client certificates that should have been rejected (if the OCSP check had been made) to be accepted. Users not using OCSP checks are not affected by this vulnerability.",
"id": "GHSA-ppg5-72hh-9jj4",
"modified": "2022-05-14T01:17:01Z",
"published": "2022-05-14T01:17:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15698"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0465"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:0466"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/6eb0a53e5827d97db1a05c736d01101fec21202a5b8fc77bb0eaaed8@%3Cannounce.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00011.html"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2018/dsa-4118"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1040390"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PPP5-CF3C-5M4P
Vulnerability from github – Published: 2022-05-14 02:57 – Updated: 2025-04-20 03:39The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2017-9571"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-16T12:29:00Z",
"severity": "MODERATE"
},
"details": "The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-ppp5-cf3c-5m4p",
"modified": "2025-04-20T03:39:12Z",
"published": "2022-05-14T02:57:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9571"
},
{
"type": "WEB",
"url": "https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
},
{
"type": "WEB",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PQPC-HHGR-P436
Vulnerability from github – Published: 2025-08-05 15:30 – Updated: 2025-08-05 18:30A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information.
{
"affected": [],
"aliases": [
"CVE-2025-44964"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-05T15:15:29Z",
"severity": "LOW"
},
"details": "A lack of SSL certificate validation in BlueStacks v5.20 allows attackers to execute a man-it-the-middle attack and obtain sensitive information.",
"id": "GHSA-pqpc-hhgr-p436",
"modified": "2025-08-05T18:30:43Z",
"published": "2025-08-05T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-44964"
},
{
"type": "WEB",
"url": "https://claroty.com/team82/disclosure-dashboard/cve-2025-44964"
},
{
"type": "WEB",
"url": "http://bluestacks.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-PQR7-9QQQ-HRH5
Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2022-05-13 01:31A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.
{
"affected": [],
"aliases": [
"CVE-2019-1757"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-28T01:29:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the Cisco Smart Call Home feature of Cisco IOS and IOS XE Software could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data using an invalid certificate. The vulnerability is due to insufficient certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.",
"id": "GHSA-pqr7-9qqq-hrh5",
"modified": "2022-05-13T01:31:21Z",
"published": "2022-05-13T01:31:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1757"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190327-call-home-cert"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/107617"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PQW9-FPR2-R45X
Vulnerability from github – Published: 2022-10-11 12:00 – Updated: 2022-10-12 12:00An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2022-41747"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-10T21:15:00Z",
"severity": "HIGH"
},
"details": "An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.",
"id": "GHSA-pqw9-fpr2-r45x",
"modified": "2022-10-12T12:00:25Z",
"published": "2022-10-11T12:00:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41747"
},
{
"type": "WEB",
"url": "https://success.trendmicro.com/solution/000291645"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-1402"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.