Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1903 vulnerabilities reference this CWE, most recent first.

GHSA-VF4W-FG7R-5V94

Vulnerability from github – Published: 2021-04-07 20:56 – Updated: 2021-04-23 00:22
VLAI
Summary
Improper Certificate Validation in phpseclib
Details

phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "phpseclib/phpseclib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "phpseclib/phpseclib"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.0.31"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-30130"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295",
      "CWE-347"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-07T17:29:49Z",
    "nvd_published_at": "2021-04-06T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.",
  "id": "GHSA-vf4w-fg7r-5v94",
  "modified": "2021-04-23T00:22:49Z",
  "published": "2021-04-07T20:56:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30130"
    },
    {
      "type": "WEB",
      "url": "https://github.com/phpseclib/phpseclib/pull/1635"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2021-30130.yaml"
    },
    {
      "type": "WEB",
      "url": "https://github.com/phpseclib/phpseclib/releases/tag/2.0.31"
    },
    {
      "type": "WEB",
      "url": "https://github.com/phpseclib/phpseclib/releases/tag/3.0.7"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00024.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00025.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Certificate Validation in phpseclib"
}

GHSA-VF58-GGX8-PWP7

Vulnerability from github – Published: 2025-09-19 21:31 – Updated: 2025-11-25 15:31
VLAI
Details

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to 20.0.2786 (VA and SaaS deployments) contain insecure defaults and code patterns that disable TLS/SSL certificate verification for communications to printers and internal microservices. In multiple places, the application sets libcurl/PHP transport options such that CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are effectively disabled, and environment variables (for example API_*_VERIFYSSL=false) are used to turn off verification for gateway and microservice endpoints. As a result, the client accepts TLS connections without validating server certificates (and, in some cases, uses clear-text HTTP), permitting on-path attackers to perform man-in-the-middle (MitM) attacks. An attacker able to intercept network traffic between the product and printers or microservices can eavesdrop on and modify sensitive data (including print jobs, configuration, and authentication tokens), inject malicious payloads, or disrupt service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-34199"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295",
      "CWE-319"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-19T19:15:40Z",
    "severity": "CRITICAL"
  },
  "details": "Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.1049 and Application versions prior to\u00a020.0.2786 (VA and SaaS deployments) contain insecure defaults and code patterns that disable TLS/SSL certificate verification for communications to printers and internal microservices. In multiple places, the application sets libcurl/PHP transport options such that CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are effectively disabled, and environment variables (for example API_*_VERIFYSSL=false) are used to turn off verification for gateway and microservice endpoints. As a result, the client accepts TLS connections without validating server certificates (and, in some cases, uses clear-text HTTP), permitting on-path attackers to perform man-in-the-middle (MitM) attacks. An attacker able to intercept network traffic between the product and printers or microservices can eavesdrop on and modify sensitive data (including print jobs, configuration, and authentication tokens), inject malicious payloads, or disrupt service.",
  "id": "GHSA-vf58-ggx8-pwp7",
  "modified": "2025-11-25T15:31:33Z",
  "published": "2025-09-19T21:31:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-34199"
    },
    {
      "type": "WEB",
      "url": "https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm"
    },
    {
      "type": "WEB",
      "url": "https://help.printerlogic.com/va/Print/Security/Security-Bulletins.htm"
    },
    {
      "type": "WEB",
      "url": "https://pierrekim.github.io/blog/2025-04-08-vasion-printerlogic-83-vulnerabilities.html#va-insecure-communications"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/vasion-print-printerlogic-insecure-ssl-verification-allows-mitm-attacks"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-VFXC-R2GX-V2VQ

Vulnerability from github – Published: 2022-05-24 16:46 – Updated: 2023-09-29 16:02
VLAI
Summary
Hybrid Group Gobot Improper Certificate Validation vulnerability
Details

An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem skips verification of root CA certificates by default.

Specific Go Packages Affected

github.com/hybridgroup/gobot/platforms/mqtt

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hybridgroup/gobot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.12.1-0.20190521122906-c1aa4f867846"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-12496"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-02-08T00:25:02Z",
    "nvd_published_at": "2019-05-31T11:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem skips verification of root CA certificates by default.\n\n### Specific Go Packages Affected\ngithub.com/hybridgroup/gobot/platforms/mqtt",
  "id": "GHSA-vfxc-r2gx-v2vq",
  "modified": "2023-09-29T16:02:16Z",
  "published": "2022-05-24T16:46:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-12496"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hybridgroup/gobot/commit/c1aa4f867846da4669ecf3bc3318bd96b7ee6f3f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hybridgroup/gobot"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hybridgroup/gobot/compare/ed53198...7f973df"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hybridgroup/gobot/releases/tag/v1.13.0"
    },
    {
      "type": "WEB",
      "url": "https://pkg.go.dev/vuln/GO-2021-0083"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Hybrid Group Gobot Improper Certificate Validation vulnerability"
}

GHSA-VG99-GR89-QHW9

Vulnerability from github – Published: 2026-07-13 18:37 – Updated: 2026-07-13 18:37
VLAI
Summary
DIRAC: Pilot code downloaded over unverified HTTPS connection
Details

Summary

The second stage pilot (pilot.tar) is downloaded by the initial wrapper script without any verification of the webservers' SSL certificate and the contained script is subsequently executed. The checksum is tested, but the reference checksum file is downloaded over the same unvalidated channel.

Details

The pilot wrapper downloads and executes the main second stage pilot script, but the SSL validation on this connection is explicitly disabled (to match old python < 2.7.9 behaviour): https://github.com/DIRACGrid/DIRAC/blob/integration/src/DIRAC/WorkloadManagementSystem/Utilities/PilotWrapper.py#L292-L296

This means that the second stage pilot code is not verified in any way and could potentially be altered by a man-in-the-middle attack to execute arbitrary code in the pilot context (i.e. with access to the pilot proxy/credentials).

The HTTPS connection should be validated against both the system certificates and $X509_CERT_DIR and fail if neither validate correctly.

Impact

This would require a man-in-the-middle style attack against a grid site's network (i.e. changing the DNS or routing to redirect the pilot's connection); this is likely to be difficult which probably limits the potential impact.

Patched versions:

https://pypi.org/project/DIRAC/8.0.79/ https://pypi.org/project/DIRAC/9.0.22/ https://pypi.org/project/DIRAC/9.1.10/

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "DIRAC"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.20.1"
            },
            {
              "fixed": "8.0.79"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "DIRAC"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.1.0a1"
            },
            {
              "fixed": "9.0.22"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "DIRAC"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "9.1.0"
            },
            {
              "fixed": "9.1.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-61668"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-07-13T18:37:51Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "### Summary\nThe second stage pilot (pilot.tar) is downloaded by the initial wrapper script without any verification of the webservers\u0027 SSL certificate and the contained script is subsequently executed. The checksum is tested, but the reference checksum file is downloaded over the same unvalidated channel.\n\n### Details\nThe pilot wrapper downloads and executes the main second stage pilot script, but the SSL validation on this connection is explicitly disabled (to match old python \u003c 2.7.9 behaviour):\nhttps://github.com/DIRACGrid/DIRAC/blob/integration/src/DIRAC/WorkloadManagementSystem/Utilities/PilotWrapper.py#L292-L296\n\nThis means that the second stage pilot code is not verified in any way and could potentially be altered by a man-in-the-middle attack to execute arbitrary code in the pilot context (i.e. with access to the pilot proxy/credentials).\n\nThe HTTPS connection should be validated against both the system certificates and $X509_CERT_DIR and fail if neither validate correctly.\n\n### Impact\nThis would require a man-in-the-middle style attack against a grid site\u0027s network (i.e. changing the DNS or routing to redirect the pilot\u0027s connection); this is likely to be difficult which probably limits the potential impact.\n\n### Patched versions:\nhttps://pypi.org/project/DIRAC/8.0.79/\nhttps://pypi.org/project/DIRAC/9.0.22/\nhttps://pypi.org/project/DIRAC/9.1.10/",
  "id": "GHSA-vg99-gr89-qhw9",
  "modified": "2026-07-13T18:37:51Z",
  "published": "2026-07-13T18:37:51Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/DIRACGrid/DIRAC/security/advisories/GHSA-vg99-gr89-qhw9"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/DIRACGrid/DIRAC"
    },
    {
      "type": "WEB",
      "url": "https://pypi.org/project/DIRAC/8.0.79"
    },
    {
      "type": "WEB",
      "url": "https://pypi.org/project/DIRAC/9.0.22"
    },
    {
      "type": "WEB",
      "url": "https://pypi.org/project/DIRAC/9.1.10"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "DIRAC: Pilot code downloaded over unverified HTTPS connection"
}

GHSA-VH73-Q3RW-QX7W

Vulnerability from github – Published: 2024-02-05 21:30 – Updated: 2024-02-05 23:06
VLAI
Summary
Boundary vulnerable to session hijacking through TLS certificate tampering
Details

Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/boundary"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.8.0"
            },
            {
              "fixed": "0.15.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-1052"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-05T23:06:56Z",
    "nvd_published_at": "2024-02-05T21:15:11Z",
    "severity": "HIGH"
  },
  "details": "Boundary and Boundary Enterprise (\u201cBoundary\u201d) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.",
  "id": "GHSA-vh73-q3rw-qx7w",
  "modified": "2024-02-05T23:06:56Z",
  "published": "2024-02-05T21:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1052"
    },
    {
      "type": "WEB",
      "url": "https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hashicorp/boundary"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Boundary vulnerable to session hijacking through TLS certificate tampering"
}

GHSA-VHCM-29FV-3VX5

Vulnerability from github – Published: 2024-12-16 18:31 – Updated: 2024-12-16 18:31
VLAI
Details

An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4762"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-16T17:15:10Z",
    "severity": "HIGH"
  },
  "details": "An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges.",
  "id": "GHSA-vhcm-29fv-3vx5",
  "modified": "2024-12-16T18:31:09Z",
  "published": "2024-12-16T18:31:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4762"
    },
    {
      "type": "WEB",
      "url": "https://support.lenovo.co/us/en/product_security/LEN-174319"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VHFP-M358-H5G3

Vulnerability from github – Published: 2023-05-10 21:30 – Updated: 2024-04-04 04:01
VLAI
Details

An Improper Certificate Validation vulnerability

in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface

could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31151"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-10T20:15:10Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Certificate Validation vulnerability \n\nin the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface\n\ncould allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack.\nSee SEL Service Bulletin dated 2022-11-15 for more details.\n\n\n\n\n",
  "id": "GHSA-vhfp-m358-h5g3",
  "modified": "2024-04-04T04:01:37Z",
  "published": "2023-05-10T21:30:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31151"
    },
    {
      "type": "WEB",
      "url": "https://selinc.com/support/security-notifications/external-reports"
    },
    {
      "type": "WEB",
      "url": "https://www.nozominetworks.com/blog"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VHG4-6QHJ-G32H

Vulnerability from github – Published: 2022-05-17 00:19 – Updated: 2022-05-17 00:19
VLAI
Details

Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka "Inaudible Subversion."

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9758"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-10T02:29:00Z",
    "severity": "HIGH"
  },
  "details": "Savitech driver packages for Windows silently install a self-signed certificate into the Trusted Root Certification Authorities store, aka \"Inaudible Subversion.\"",
  "id": "GHSA-vhg4-6qhj-g32h",
  "modified": "2022-05-17T00:19:52Z",
  "published": "2022-05-17T00:19:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9758"
    },
    {
      "type": "WEB",
      "url": "https://community.rsa.com/community/products/netwitness/blog/2017/10/27/inaudible-subversion-did-your-hi-fi-just-subvert-your-pc"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/446847"
    },
    {
      "type": "WEB",
      "url": "https://zeroday.hitcon.org/vulnerability/ZD-2017-00386"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101700"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VJ5R-MMP4-3HRX

Vulnerability from github – Published: 2022-11-16 12:00 – Updated: 2022-12-15 20:44
VLAI
Summary
SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin
Details

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. Currently, there are no known workarounds or patches.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.main:cavisson-ns-nd-integration"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "4.8.0.146"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-38666"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-21T22:19:30Z",
    "nvd_published_at": "2022-11-15T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.146 and earlier unconditionally disables SSL/TLS certificate and hostname validation for several features. Currently, there are no known workarounds or patches.",
  "id": "GHSA-vj5r-mmp4-3hrx",
  "modified": "2022-12-15T20:44:46Z",
  "published": "2022-11-16T12:00:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38666"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/cavisson-ns-nd-integration-plugin/releases"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2022-11-15/#SECURITY-2910%20(2)"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/11/15/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin"
}

GHSA-VJGV-P598-G52V

Vulnerability from github – Published: 2022-05-14 03:23 – Updated: 2022-05-14 03:23
VLAI
Details

An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-10066"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-04-13T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client\u0027s internal network (for example, at site-to-site tunnels).",
  "id": "GHSA-vjgv-p598-g52v",
  "modified": "2022-05-14T03:23:04Z",
  "published": "2022-05-14T03:23:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10066"
    },
    {
      "type": "WEB",
      "url": "https://janis-streib.de/2018/04/11/mikrotik-openvpn-security"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.