CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-MX89-3Q43-9X7H
Vulnerability from github – Published: 2022-05-18 00:00 – Updated: 2022-06-02 00:00A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used.
{
"affected": [],
"aliases": [
"CVE-2013-10001"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-17T08:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used.",
"id": "GHSA-mx89-3q43-9x7h",
"modified": "2022-06-02T00:00:33Z",
"published": "2022-05-18T00:00:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-10001"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.8900"
},
{
"type": "WEB",
"url": "http://www.modzero.ch/modlog/archives/2013/05/28/htcs_e-mail_client_fails_to_verify_server_certificates"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-MXG3-432P-MR72
Vulnerability from github – Published: 2026-05-15 17:17 – Updated: 2026-05-15 17:17Summary
The --tunnel / -t flag opens an outbound SSH connection to localhost.run:22 with HostKeyCallback: ssh.InsecureIgnoreHostKey(). The Go documentation for that function states verbatim: "It should not be used for production code." With the callback disabled the client accepts any host key the server presents, so an attacker who can intercept the operator's TCP connection to localhost.run:22 (any router on the path, malicious local network, ARP/DNS spoof on the operator's LAN, BGP hijack, malicious VPN) can present their own SSH host key, terminate the SSH session locally, and proxy onward — sitting transparently in the middle of the tunnel.
Because localhost.run does TLS termination at their end, the HTTP traffic on the SSH leg is plaintext, so the on-path attacker reads and rewrites every request and response in cleartext. The goshs operator gets no warning; the public URL works normally.
Affected Code
File: tunnel/tunnel.go
func Start(localIP string, localPort int) (*Tunnel, error) {
config := &ssh.ClientConfig{
User: "nokey",
Auth: []ssh.AuthMethod{ssh.Password("")},
HostKeyCallback: ssh.InsecureIgnoreHostKey(), // accepts any server key
Timeout: 10 * time.Second,
BannerCallback: func(banner string) error { return nil },
}
client, err := ssh.Dial("tcp", "localhost.run:22", config)
...
}
There is no fallback verification — no ssh.FixedHostKey, no known_hosts read, no TOFU pin. Every invocation of goshs --tunnel is equally vulnerable.
Exploit Chain
- Operator runs
goshs --tunnel.tunnel.Start()opens an SSH client tolocalhost.run:22withInsecureIgnoreHostKey(). - Attacker positioned on the network path (compromised router, café Wi-Fi MITM, malicious VPN exit, hostile ISP, BGP hijack, or
arpspoof+ DNS spoof on the operator's LAN) intercepts the outbound TCP connection tolocalhost.run:22and answers with their own SSH server. - The attacker's fake SSH server presents an attacker-generated host key. The goshs client's
HostKeyCallbackreturns nil unconditionally. Handshake completes; the client believes it is talking tolocalhost.run. - The attacker proxies the SSH session onward to the real
localhost.run:22, forwarding the URL capture soStart()reads back the genuinehttps://*.lhr.lifeline and returns successfully. The operator sees the public URL printed to stdout exactly as expected. - Every HTTP request arriving at the public URL is routed over the SSH session. The attacker reads every URL, query string, header, body, and
Authorizationvalue sent by every visitor. - For each response the attacker can rewrite the body or headers — serving modified files, injecting HTML/JS, redirecting requests, or stripping
Set-Cookieattributes. - Captured basic-auth credentials give the attacker authenticated access to upload, share-link, catcher, clipboard, and CLI endpoints. If goshs is running credential-collection listeners (SMB/LDAP/SMTP), the captured NTLM hashes and SMTP messages flowing through the tunnel are also exposed.
Impact
- Confidentiality (High): all HTTP request and response content is readable by the on-path attacker (URLs, headers, basic-auth
Authorization, file contents, share-link tokens, the?goshs-infoJSON dump). - Integrity (High): attacker can modify responses in-flight — replace served files, inject
<script>into HTML responses, swap offered binaries for backdoored ones. - Availability: not affected.
Preconditions
- Operator must be running
goshs --tunnel/goshs -t. - Attacker must hold a network-on-path position between the operator and
localhost.run:22(LAN MITM, malicious Wi-Fi, hostile ISP/VPN, BGP hijack, or DNS spoofing combined with an attacker-controlled SSH endpoint).
Fix (applied in v2.0.7)
ssh.InsecureIgnoreHostKey() has been replaced with a Trust-On-First-Use (TOFU) host key callback backed by ~/.config/goshs/known_hosts.
Behaviour after the fix:
-
On first connection: goshs accepts the host key presented by
localhost.run, writes it to~/.config/goshs/known_hosts(mode0600), and prints two warning lines:WARN tunnel: pinned new host key for localhost.run:22 (SHA256:<fingerprint>) in ~/.config/goshs/known_hosts WARN tunnel: verify with: ssh-keyscan localhost.run 2>/dev/null | ssh-keygen -l -f -The operator should compare the printed fingerprint against thessh-keyscanoutput to confirm no MITM occurred on that first connection. -
On subsequent connections: the stored key is loaded via
golang.org/x/crypto/ssh/knownhostsand the presented key is verified against it. A mismatch returns a typedHostKeyMismatchErrorand goshs exits immediately with:FATAL tunnel: ssh: host key mismatch for localhost.run:22 — possible MITM attack. If localhost.run legitimately rotated its key, delete ~/.config/goshs/known_hosts and reconnect
Files changed:
| File | Change |
|---|---|
config/config.go |
Added Dir() — creates and returns ~/.config/goshs (mode 0700) |
main.go |
Calls config.Dir() on every startup to ensure the directory exists |
tunnel/tunnel.go |
Replaced InsecureIgnoreHostKey() with buildTOFUCallback(knownHostsFile); added exported HostKeyMismatchError type |
httpserver/server.go |
Resolves ~/.config/goshs/known_hosts via config.Dir(), passes it to tunnel.Start(); fatal-exits on HostKeyMismatchError |
Implementation uses only already-vendored dependencies (golang.org/x/crypto/ssh/knownhosts is part of the existing golang.org/x/crypto direct dependency — no new modules added).
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.0.6"
},
"package": {
"ecosystem": "Go",
"name": "goshs.de/goshs/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.0.7"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-322"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-15T17:17:38Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\nThe `--tunnel` / `-t` flag opens an outbound SSH connection to `localhost.run:22` with `HostKeyCallback: ssh.InsecureIgnoreHostKey()`. The Go documentation for that function states verbatim: *\"It should not be used for production code.\"* With the callback disabled the client accepts any host key the server presents, so an attacker who can intercept the operator\u0027s TCP connection to `localhost.run:22` (any router on the path, malicious local network, ARP/DNS spoof on the operator\u0027s LAN, BGP hijack, malicious VPN) can present their own SSH host key, terminate the SSH session locally, and proxy onward \u2014 sitting transparently in the middle of the tunnel.\n\nBecause `localhost.run` does TLS termination at their end, the HTTP traffic on the SSH leg is plaintext, so the on-path attacker reads and rewrites every request and response in cleartext. The goshs operator gets no warning; the public URL works normally.\n\n### Affected Code\n\n**File:** `tunnel/tunnel.go`\n\n```go\nfunc Start(localIP string, localPort int) (*Tunnel, error) {\n config := \u0026ssh.ClientConfig{\n User: \"nokey\",\n Auth: []ssh.AuthMethod{ssh.Password(\"\")},\n HostKeyCallback: ssh.InsecureIgnoreHostKey(), // accepts any server key\n Timeout: 10 * time.Second,\n BannerCallback: func(banner string) error { return nil },\n }\n client, err := ssh.Dial(\"tcp\", \"localhost.run:22\", config)\n ...\n}\n```\n\nThere is no fallback verification \u2014 no `ssh.FixedHostKey`, no `known_hosts` read, no TOFU pin. Every invocation of `goshs --tunnel` is equally vulnerable.\n\n### Exploit Chain\n\n1. Operator runs `goshs --tunnel`. `tunnel.Start()` opens an SSH client to `localhost.run:22` with `InsecureIgnoreHostKey()`.\n2. Attacker positioned on the network path (compromised router, caf\u00e9 Wi-Fi MITM, malicious VPN exit, hostile ISP, BGP hijack, or `arpspoof` + DNS spoof on the operator\u0027s LAN) intercepts the outbound TCP connection to `localhost.run:22` and answers with their own SSH server.\n3. The attacker\u0027s fake SSH server presents an attacker-generated host key. The goshs client\u0027s `HostKeyCallback` returns nil unconditionally. Handshake completes; the client believes it is talking to `localhost.run`.\n4. The attacker proxies the SSH session onward to the real `localhost.run:22`, forwarding the URL capture so `Start()` reads back the genuine `https://*.lhr.life` line and returns successfully. The operator sees the public URL printed to stdout exactly as expected.\n5. Every HTTP request arriving at the public URL is routed over the SSH session. The attacker reads every URL, query string, header, body, and `Authorization` value sent by every visitor.\n6. For each response the attacker can rewrite the body or headers \u2014 serving modified files, injecting HTML/JS, redirecting requests, or stripping `Set-Cookie` attributes.\n7. Captured basic-auth credentials give the attacker authenticated access to upload, share-link, catcher, clipboard, and CLI endpoints. If goshs is running credential-collection listeners (SMB/LDAP/SMTP), the captured NTLM hashes and SMTP messages flowing through the tunnel are also exposed.\n\n### Impact\n\n- **Confidentiality (High):** all HTTP request and response content is readable by the on-path attacker (URLs, headers, basic-auth `Authorization`, file contents, share-link tokens, the `?goshs-info` JSON dump).\n- **Integrity (High):** attacker can modify responses in-flight \u2014 replace served files, inject `\u003cscript\u003e` into HTML responses, swap offered binaries for backdoored ones.\n- **Availability:** not affected.\n\n### Preconditions\n\n- Operator must be running `goshs --tunnel` / `goshs -t`.\n- Attacker must hold a network-on-path position between the operator and `localhost.run:22` (LAN MITM, malicious Wi-Fi, hostile ISP/VPN, BGP hijack, or DNS spoofing combined with an attacker-controlled SSH endpoint).\n\n---\n\n### Fix (applied in v2.0.7)\n\n`ssh.InsecureIgnoreHostKey()` has been replaced with a **Trust-On-First-Use (TOFU)** host key callback backed by `~/.config/goshs/known_hosts`.\n\n**Behaviour after the fix:**\n\n- On **first connection**: goshs accepts the host key presented by `localhost.run`, writes it to `~/.config/goshs/known_hosts` (mode `0600`), and prints two warning lines:\n ```\n WARN tunnel: pinned new host key for localhost.run:22 (SHA256:\u003cfingerprint\u003e) in ~/.config/goshs/known_hosts\n WARN tunnel: verify with: ssh-keyscan localhost.run 2\u003e/dev/null | ssh-keygen -l -f -\n ```\n The operator should compare the printed fingerprint against the `ssh-keyscan` output to confirm no MITM occurred on that first connection.\n\n- On **subsequent connections**: the stored key is loaded via `golang.org/x/crypto/ssh/knownhosts` and the presented key is verified against it. A mismatch returns a typed `HostKeyMismatchError` and goshs exits immediately with:\n ```\n FATAL tunnel: ssh: host key mismatch for localhost.run:22 \u2014 possible MITM attack.\n If localhost.run legitimately rotated its key, delete ~/.config/goshs/known_hosts and reconnect\n ```\n\n**Files changed:**\n\n| File | Change |\n|------|--------|\n| `config/config.go` | Added `Dir()` \u2014 creates and returns `~/.config/goshs` (mode `0700`) |\n| `main.go` | Calls `config.Dir()` on every startup to ensure the directory exists |\n| `tunnel/tunnel.go` | Replaced `InsecureIgnoreHostKey()` with `buildTOFUCallback(knownHostsFile)`; added exported `HostKeyMismatchError` type |\n| `httpserver/server.go` | Resolves `~/.config/goshs/known_hosts` via `config.Dir()`, passes it to `tunnel.Start()`; fatal-exits on `HostKeyMismatchError` |\n\n**Implementation uses only already-vendored dependencies** (`golang.org/x/crypto/ssh/knownhosts` is part of the existing `golang.org/x/crypto` direct dependency \u2014 no new modules added).",
"id": "GHSA-mxg3-432p-mr72",
"modified": "2026-05-15T17:17:38Z",
"published": "2026-05-15T17:17:38Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/patrickhener/goshs/security/advisories/GHSA-mxg3-432p-mr72"
},
{
"type": "WEB",
"url": "https://github.com/patrickhener/goshs/commit/8f409cb08aacc6e94704334e8b1fb2cd50f5dd98"
},
{
"type": "PACKAGE",
"url": "https://github.com/patrickhener/goshs"
},
{
"type": "WEB",
"url": "https://github.com/patrickhener/goshs/releases/tag/v2.0.7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "goshs: SSH host key verification disabled, allowing transparent MITM of every tunnelled HTTP request"
}
GHSA-MXJF-9J2X-85MG
Vulnerability from github – Published: 2022-05-14 01:59 – Updated: 2022-05-14 01:59Pidgin version <2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.
{
"affected": [],
"aliases": [
"CVE-2016-1000030"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-05T17:29:00Z",
"severity": "CRITICAL"
},
"details": "Pidgin version \u003c2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init() and gnutls_x509_crt_import() that can result in code execution. This attack appear to be exploitable via custom X.509 certificate from another client. This vulnerability appears to have been fixed in 2.11.0.",
"id": "GHSA-mxjf-9j2x-85mg",
"modified": "2022-05-14T01:59:35Z",
"published": "2022-05-14T01:59:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1000030"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/cve-2016-1000030"
},
{
"type": "WEB",
"url": "https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe"
},
{
"type": "WEB",
"url": "https://pidgin.im/news/security/?id=91"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-38"
},
{
"type": "WEB",
"url": "https://www.suse.com/pt-br/security/cve/CVE-2016-1000030"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MXQ6-JPMX-FG69
Vulnerability from github – Published: 2022-05-17 02:39 – Updated: 2025-04-20 03:39The "FSBY Mobile Banking" by First State Bank of Yoakum TX app 3.0.0 -- aka fsby-mobile-banking/id899136434 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2017-9586"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-16T12:29:00Z",
"severity": "MODERATE"
},
"details": "The \"FSBY Mobile Banking\" by First State Bank of Yoakum TX app 3.0.0 -- aka fsby-mobile-banking/id899136434 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-mxq6-jpmx-fg69",
"modified": "2025-04-20T03:39:13Z",
"published": "2022-05-17T02:39:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9586"
},
{
"type": "WEB",
"url": "https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
},
{
"type": "WEB",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P3H6-32Q9-XWH5
Vulnerability from github – Published: 2023-08-11 06:30 – Updated: 2024-04-04 06:52A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and does not allow access to (or deletion of) the backup snapshot data itself. This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers.
{
"affected": [],
"aliases": [
"CVE-2023-40256"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-11T05:15:42Z",
"severity": "CRITICAL"
},
"details": "A vulnerability was discovered in Veritas NetBackup Snapshot Manager before 10.2.0.1 that allowed untrusted clients to interact with the RabbitMQ service. This was caused by improper validation of the client certificate due to misconfiguration of the RabbitMQ service. Exploiting this impacts the confidentiality and integrity of messages controlling the backup and restore jobs, and could result in the service becoming unavailable. This impacts only the jobs controlling the backup and restore activities, and does not allow access to (or deletion of) the backup snapshot data itself. This vulnerability is confined to the NetBackup Snapshot Manager feature and does not impact the RabbitMQ instance on the NetBackup primary servers.",
"id": "GHSA-p3h6-32q9-xwh5",
"modified": "2024-04-04T06:52:16Z",
"published": "2023-08-11T06:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40256"
},
{
"type": "WEB",
"url": "https://www.veritas.com/content/support/en_US/security/VTS23-011"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-P3J9-QWH2-784J
Vulnerability from github – Published: 2022-03-11 00:02 – Updated: 2022-03-19 00:01"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.
{
"affected": [],
"aliases": [
"CVE-2022-25243"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-10T17:47:00Z",
"severity": "MODERATE"
},
"details": "\"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.",
"id": "GHSA-p3j9-qwh2-784j",
"modified": "2022-03-19T00:01:35Z",
"published": "2022-03-11T00:02:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25243"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2022-09-vault-pki-secrets-engine-policy-results-in-incorrect-wildcard-certificate-issuance/36600"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202207-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P3WQ-V5CW-MP2F
Vulnerability from github – Published: 2022-05-17 02:30 – Updated: 2022-05-17 02:30Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka "Microsoft Lync for Mac Certificate Validation Vulnerability."
{
"affected": [],
"aliases": [
"CVE-2017-0129"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-17T00:59:00Z",
"severity": "HIGH"
},
"details": "Microsoft Lync for Mac 2011 fails to properly validate certificates, allowing remote attackers to alter server-client communications, aka \"Microsoft Lync for Mac Certificate Validation Vulnerability.\"",
"id": "GHSA-p3wq-v5cw-mp2f",
"modified": "2022-05-17T02:30:43Z",
"published": "2022-05-17T02:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0129"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0129"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/96752"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1038020"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P3X8-4HX6-WG6W
Vulnerability from github – Published: 2022-05-14 02:57 – Updated: 2025-04-20 03:39The "Middleton Community Bank Mobile Banking" by Middleton Community Bank app 3.0.0 -- aka middleton-community-bank-mobile-banking/id721843238 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2017-9576"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-16T12:29:00Z",
"severity": "MODERATE"
},
"details": "The \"Middleton Community Bank Mobile Banking\" by Middleton Community Bank app 3.0.0 -- aka middleton-community-bank-mobile-banking/id721843238 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-p3x8-4hx6-wg6w",
"modified": "2025-04-20T03:39:12Z",
"published": "2022-05-14T02:57:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9576"
},
{
"type": "WEB",
"url": "https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
},
{
"type": "WEB",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-P3XV-97G8-4WMJ
Vulnerability from github – Published: 2022-05-17 04:52 – Updated: 2025-07-07 12:57The OpenStack Python client library for Swift (python-swiftclient) from 1.0 before 2.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "python-swiftclient"
},
"ranges": [
{
"events": [
{
"introduced": "1.0"
},
{
"fixed": "2.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2013-6396"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-29T18:56:11Z",
"nvd_published_at": "2014-02-18T19:55:00Z",
"severity": "CRITICAL"
},
"details": "The OpenStack Python client library for Swift (python-swiftclient) from 1.0 before 2.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-p3xv-97g8-4wmj",
"modified": "2025-07-07T12:57:06Z",
"published": "2022-05-17T04:52:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6396"
},
{
"type": "WEB",
"url": "https://github.com/openstack/python-swiftclient/commit/b182112719ab87942472e44aa3446ea0eb19a289"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/python-swiftclient/+bug/1199783"
},
{
"type": "PACKAGE",
"url": "https://github.com/chmouel/python-swiftclient"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/python-swiftclient/PYSEC-2014-12.yaml"
},
{
"type": "WEB",
"url": "https://review.opendev.org/c/openstack/python-swiftclient/+/69187"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2014/02/17/7"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Python Swift client is vulnerable to Missing SSL Certificate Check"
}
GHSA-P43H-5X4H-9PP7
Vulnerability from github – Published: 2022-05-24 17:18 – Updated: 2022-05-24 17:18In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.
{
"affected": [],
"aliases": [
"CVE-2020-13645"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-05-28T12:15:00Z",
"severity": "MODERATE"
},
"details": "In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server\u0027s TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host.",
"id": "GHSA-p43h-5x4h-9pp7",
"modified": "2022-05-24T17:18:48Z",
"published": "2022-05-24T17:18:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13645"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/balsa/-/issues/34"
},
{
"type": "WEB",
"url": "https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLEX2IP62SU6WJ4SK3U766XGLQK3J62O"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LRCUM22YEWWKNMN2BP5LTVDM5P4VWIXS"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQEQJQ4XFMFCFJTEXKL2ZO3UELBPCKSK"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202007-50"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20200608-0004"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4405-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.