CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-MGJ4-GG2G-J7VW
Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2022-05-24 17:32An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing.
{
"affected": [],
"aliases": [
"CVE-2019-8642"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-10-27T20:15:00Z",
"severity": "MODERATE"
},
"details": "An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing.",
"id": "GHSA-mgj4-gg2g-j7vw",
"modified": "2022-05-24T17:32:18Z",
"published": "2022-05-24T17:32:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-8642"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT209600"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-MGQR-M5QQ-FRHQ
Vulnerability from github – Published: 2025-07-08 12:31 – Updated: 2025-07-08 12:31A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check device's certificate common name against an expected value. This could allow an attacker to execute an on-path network (MitM) attack.
{
"affected": [],
"aliases": [
"CVE-2024-31854"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-08T11:15:24Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in SICAM TOOLBOX II (All versions \u003c V07.11). During establishment of a https connection to the TLS server of a managed device, the affected application doesn\u0027t check device\u0027s certificate common name against an expected value.\nThis could allow an attacker to execute an on-path network (MitM) attack.",
"id": "GHSA-mgqr-m5qq-frhq",
"modified": "2025-07-08T12:31:01Z",
"published": "2025-07-08T12:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31854"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-183963.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MGX8-QF37-PR57
Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-05-13 01:48An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.
{
"affected": [],
"aliases": [
"CVE-2018-10404"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-13T22:29:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute.",
"id": "GHSA-mgx8-qf37-pr57",
"modified": "2022-05-13T01:48:47Z",
"published": "2022-05-13T01:48:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10404"
},
{
"type": "WEB",
"url": "https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MH33-7RRQ-662W
Vulnerability from github – Published: 2019-04-19 16:55 – Updated: 2024-11-18 22:10The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "urllib3"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.24.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-11324"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2019-04-19T16:54:21Z",
"nvd_published_at": "2019-04-18T21:29:00Z",
"severity": "HIGH"
},
"details": "The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the `ssl_context`, `ca_certs`, or `ca_certs_dir` argument.",
"id": "GHSA-mh33-7rrq-662w",
"modified": "2024-11-18T22:10:50Z",
"published": "2019-04-19T16:55:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11324"
},
{
"type": "WEB",
"url": "https://github.com/urllib3/urllib3/commit/1efadf43dc63317cd9eaa3e0fdb9e05ab07254b1"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3335"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3590"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-mh33-7rrq-662w"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/urllib3/PYSEC-2019-133.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/urllib3/urllib3"
},
{
"type": "WEB",
"url": "https://github.com/urllib3/urllib3/compare/a6ec68a...1efadf4"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00015.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00012.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NKGPJLVLVYCL4L4B4G5TIOTVK4BKPG72"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOSA2NT4DUQDBEIWE6O7KKD24XND7TE2"
},
{
"type": "WEB",
"url": "https://pypi.org/project/urllib3/1.24.2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3990-1"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00039.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00041.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/04/19/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Improper Certificate Validation in urllib3"
}
GHSA-MH97-9PR7-97WW
Vulnerability from github – Published: 2025-05-09 06:32 – Updated: 2025-05-11 21:30"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information.
{
"affected": [],
"aliases": [
"CVE-2025-3463"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-09T06:15:36Z",
"severity": "CRITICAL"
},
"details": "\"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints.\"\u00a0An insufficient validation vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests.\nRefer to the \u0027Security Update for ASUS DriverHub\u0027 section on the ASUS Security Advisory for more information.",
"id": "GHSA-mh97-9pr7-97ww",
"modified": "2025-05-11T21:30:31Z",
"published": "2025-05-09T06:32:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3463"
},
{
"type": "WEB",
"url": "https://mrbruh.com/asusdriverhub"
},
{
"type": "WEB",
"url": "https://www.asus.com/content/asus-product-security-advisory"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MHCV-2F7W-4C7R
Vulnerability from github – Published: 2024-05-14 18:31 – Updated: 2024-05-14 18:31Windows Cryptographic Services Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2024-30020"
],
"database_specific": {
"cwe_ids": [
"CWE-120",
"CWE-122",
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T17:16:52Z",
"severity": "HIGH"
},
"details": "Windows Cryptographic Services Remote Code Execution Vulnerability",
"id": "GHSA-mhcv-2f7w-4c7r",
"modified": "2024-05-14T18:31:04Z",
"published": "2024-05-14T18:31:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30020"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30020"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MHPV-F7M8-9Q4J
Vulnerability from github – Published: 2022-05-24 17:00 – Updated: 2024-04-04 02:38A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.
{
"affected": [],
"aliases": [
"CVE-2019-16209"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-11-08T18:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability, in The ReportsTrustManager class of Brocade SANnav versions before v2.0, could allow an attacker to perform a man-in-the-middle attack against Secure Sockets Layer(SSL)connections.",
"id": "GHSA-mhpv-f7m8-9q4j",
"modified": "2024-04-04T02:38:40Z",
"published": "2022-05-24T17:00:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16209"
},
{
"type": "WEB",
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2019-868"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MHQ8-94H7-MRGX
Vulnerability from github – Published: 2026-06-25 18:30 – Updated: 2026-06-26 18:33Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL compatibility certificate-path-building path (wolfSSL_X509_verify_cert / X509_STORE, OPENSSL_EXTRA) when the X509_V_FLAG_PARTIAL_CHAIN verify flag is enabled.
{
"affected": [],
"aliases": [
"CVE-2026-6091"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-25T18:16:41Z",
"severity": "MODERATE"
},
"details": "Partial-chain certificate verification may accept chains that terminate at a peer-supplied, untrusted intermediate certificate rather than a trusted anchor. An attacker could present a chain that ends at an intermediate they control and have it accepted as valid. This affects the OpenSSL compatibility certificate-path-building path (wolfSSL_X509_verify_cert / X509_STORE, OPENSSL_EXTRA) when the X509_V_FLAG_PARTIAL_CHAIN verify flag is enabled.",
"id": "GHSA-mhq8-94h7-mrgx",
"modified": "2026-06-26T18:33:49Z",
"published": "2026-06-25T18:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6091"
},
{
"type": "WEB",
"url": "https://github.com/wolfSSL/wolfssl/pull/10170"
},
{
"type": "WEB",
"url": "https://www.wolfssl.com/docs/security-vulnerabilities"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MJ3W-6W57-PMWW
Vulnerability from github – Published: 2025-08-28 15:30 – Updated: 2025-09-23 18:30Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic.
{
"affected": [],
"aliases": [
"CVE-2025-58124"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-28T13:16:09Z",
"severity": "MODERATE"
},
"details": "Improper Certificate Validation in Checkmk Exchange plugin check-mk-api allows attackers in MitM position to intercept traffic.",
"id": "GHSA-mj3w-6w57-pmww",
"modified": "2025-09-23T18:30:21Z",
"published": "2025-08-28T15:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58124"
},
{
"type": "WEB",
"url": "https://exchange.checkmk.com/p/check-mk-api"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-MJWW-934M-H4JW
Vulnerability from github – Published: 2021-11-19 20:19 – Updated: 2022-09-01 20:13A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 allows attackers to establish a connection using invalid certificates.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.4.365.2"
},
"package": {
"ecosystem": "NuGet",
"name": "OPCFoundation.NetStandard.Opc.Ua.Core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.365.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-29457"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-07T21:55:21Z",
"nvd_published_at": "2021-02-16T20:15:00Z",
"severity": "MODERATE"
},
"details": "A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 allows attackers to establish a connection using invalid certificates.",
"id": "GHSA-mjww-934m-h4jw",
"modified": "2022-09-01T20:13:29Z",
"published": "2021-11-19T20:19:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29457"
},
{
"type": "WEB",
"url": "https://github.com/OPCFoundation/UA-.NETStandard/pull/1229"
},
{
"type": "WEB",
"url": "https://github.com/OPCFoundation/UA-.NETStandard/pull/1229/commits/d815cfb972bd668c1b6e461f6ff97519d6b26f25"
},
{
"type": "WEB",
"url": "https://github.com/OPCFoundation/UA-.NETStandard"
},
{
"type": "WEB",
"url": "https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2020-29457.pdf"
},
{
"type": "WEB",
"url": "https://www.nuget.org/packages/OPCFoundation.NetStandard.Opc.Ua"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Certificate Validation in OPCFoundation.NetStandard.Opc.Ua.Core"
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.