Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1907 vulnerabilities reference this CWE, most recent first.

GHSA-R8GR-36V8-M732

Vulnerability from github – Published: 2025-09-17 18:31 – Updated: 2025-09-17 18:31
VLAI
Details

CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-35434"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-17T17:15:43Z",
    "severity": "LOW"
  },
  "details": "CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2.",
  "id": "GHSA-r8gr-36v8-m732",
  "modified": "2025-09-17T18:31:18Z",
  "published": "2025-09-17T18:31:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-35434"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/thorium/blob/main/api/src/models/backends/setup/elastic_setup.rs#L36-L43"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cisagov/thorium/releases/tag/1.1.2"
    },
    {
      "type": "WEB",
      "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-259-01.json"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-35434"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-R8HG-9V6R-2MQ2

Vulnerability from github – Published: 2023-12-19 15:30 – Updated: 2023-12-28 18:30
VLAI
Details

A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-1514"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-19T15:15:08Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability exists in the component RTU500 Scripting interface. When a client connects to a server using TLS, the server presents a certificate. This certificate links a public key to the identity of the service and is signed by a Certification Authority (CA), allowing the client to validate that the remote service can be trusted\u00a0and is not malicious. If the client does not validate the parameters of the certificate, then attackers could be able to spoof the identity of the service. An attacker could exploit the vulnerability by using faking the identity of a RTU500 device and intercepting the messages initiated via the RTU500 Scripting interface.",
  "id": "GHSA-r8hg-9v6r-2mq2",
  "modified": "2023-12-28T18:30:33Z",
  "published": "2023-12-19T15:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1514"
    },
    {
      "type": "WEB",
      "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000152\u0026languageCode=en\u0026Preview=true"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R94V-7V68-9RJQ

Vulnerability from github – Published: 2022-05-13 01:12 – Updated: 2022-05-13 01:12
VLAI
Details

Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS. Users not using OCSP checks are not affected by this vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-8020"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-31T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 has a flaw that does not properly check OCSP pre-produced responses, which are lists (multiple entries) of certificate statuses. Subsequently, revoked client certificates may not be properly identified, allowing for users to authenticate with revoked certificates to connections that require mutual TLS. Users not using OCSP checks are not affected by this vulnerability.",
  "id": "GHSA-r94v-7v68-9rjq",
  "modified": "2022-05-13T01:12:17Z",
  "published": "2022-05-13T01:12:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8020"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2469"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:2470"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/r831e0548fad736a98140d0b3b7dc575af0c50faea0b266434ba813cc@%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rb25b42f666d2cac5e6e6b3f771faf60d1f1aa58073dcdd8db14edf8a@%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rcddf723a4b4117f8ed6042e9ac25e8c5110a617bab77694b61b14833@%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@%3Cdev.tomcat.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00023.html"
    },
    {
      "type": "WEB",
      "url": "http://mail-archives.us.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721101944.GA45239@minotaur.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104934"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041507"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R9GQ-FGFV-3P2P

Vulnerability from github – Published: 2023-06-02 18:30 – Updated: 2024-04-04 04:29
VLAI
Details

OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird < 102.10.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0547"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-02T17:15:10Z",
    "severity": "MODERATE"
  },
  "details": "OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug. This vulnerability affects Thunderbird \u003c 102.10.",
  "id": "GHSA-r9gq-fgfv-3p2p",
  "modified": "2024-04-04T04:29:16Z",
  "published": "2023-06-02T18:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0547"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811298"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/security/advisories/mfsa2023-15"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R9PG-9RCH-4JMQ

Vulnerability from github – Published: 2022-05-17 02:39 – Updated: 2025-04-20 03:39
VLAI
Details

The "PCSB BANK Mobile" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-9587"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-16T12:29:00Z",
    "severity": "MODERATE"
  },
  "details": "The \"PCSB BANK Mobile\" by PCSB Bank app 3.0.4 -- aka pcsb-bank-mobile/id1067472090 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
  "id": "GHSA-r9pg-9rch-4jmq",
  "modified": "2025-04-20T03:39:13Z",
  "published": "2022-05-17T02:39:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9587"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
    },
    {
      "type": "WEB",
      "url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R9R5-JXP7-WHR4

Vulnerability from github – Published: 2022-03-24 00:00 – Updated: 2022-04-05 00:01
VLAI
Details

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-3618"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-23T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim\u0027s traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.",
  "id": "GHSA-r9r5-jxp7-whr4",
  "modified": "2022-04-05T00:01:06Z",
  "published": "2022-03-24T00:00:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3618"
    },
    {
      "type": "WEB",
      "url": "https://github.com/nginx/nginx/commit/173f16f736c10eae46cd15dd861b04b82d91a37a"
    },
    {
      "type": "WEB",
      "url": "https://alpaca-attack.com"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329"
    },
    {
      "type": "WEB",
      "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991331"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975623"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html"
    },
    {
      "type": "WEB",
      "url": "https://ubuntu.com/security/CVE-2021-3618"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-R9VH-GJQP-FH37

Vulnerability from github – Published: 2022-05-18 00:00 – Updated: 2022-05-27 00:00
VLAI
Details

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-29726"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-17T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID: 201104.",
  "id": "GHSA-r9vh-gjqp-fh37",
  "modified": "2022-05-27T00:00:24Z",
  "published": "2022-05-18T00:00:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29726"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/201104"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6586754"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/6586756"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RC2R-W8JV-VGGP

Vulnerability from github – Published: 2022-05-14 01:30 – Updated: 2024-02-28 22:58
VLAI
Summary
Cloud Foundry vulnerable to Improper Certificate Validation
Details

Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.cloudfoundry.identity:cloudfoundry-identity-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.0.0"
            },
            {
              "fixed": "3.3.0.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.cloudfoundry.identity:cloudfoundry-identity-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.4.0"
            },
            {
              "fixed": "3.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-5016"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-28T22:58:21Z",
    "nvd_published_at": "2017-04-24T19:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and earlier, UAA release 12.2 and earlier, PCF (aka Pivotal Cloud Foundry) Elastic Runtime 1.6.x before 1.6.35, and PCF Elastic Runtime 1.7.x before 1.7.13 does not validate if a certificate is expired.",
  "id": "GHSA-rc2r-w8jv-vggp",
  "modified": "2024-02-28T22:58:21Z",
  "published": "2022-05-14T01:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5016"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/uaa/commit/0a78612f981c541ad2d997e6a365f2a0b3e799d9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/uaa/commit/bc91ccd2029e8f1cea0c647f0c9aad4585f7a2c"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/uaa/commit/f97049df1c6c03effda5049c41704ac831ff3925"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/cf-release/releases/tag/v240"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/uaa-release/releases/tag/v11.3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/uaa-release/releases/tag/v12.3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/uaa/releases/tag/2.7.4.6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/uaa/releases/tag/3.3.0.3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cloudfoundry/uaa/releases/tag/3.4.2"
    },
    {
      "type": "WEB",
      "url": "https://pivotal.io/security/cve-2016-5016"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cloud Foundry vulnerable to Improper Certificate Validation"
}

GHSA-RC36-F2PM-XCJG

Vulnerability from github – Published: 2022-05-01 02:15 – Updated: 2024-12-05 21:31
VLAI
Details

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2005-3170"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-10-06T10:02:00Z",
    "severity": "MODERATE"
  },
  "details": "The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.",
  "id": "GHSA-rc36-f2pm-xcjg",
  "modified": "2024-12-05T21:31:50Z",
  "published": "2022-05-01T02:15:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-3170"
    },
    {
      "type": "WEB",
      "url": "http://support.microsoft.com/kb/883639"
    },
    {
      "type": "WEB",
      "url": "http://support.microsoft.com/kb/900345"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RC6V-5RMX-W5MV

Vulnerability from github – Published: 2026-05-15 18:13 – Updated: 2026-06-09 10:34
VLAI
Summary
arnika is affected by medium-severity issues in UDP rotation, PQC handling, and KMS TLS
Details

Summary

Three medium-severity issues in arnika affecting the UDP key-rotation protocol, PQC key file handling, and KMS TLS client. All require specific preconditions to exploit and do not allow direct code execution or immediate key extraction. A self-contained PoC is attached.

Details

1) ACK timestamp not validated: udpserver.go:185 udpClient() verifies HMAC and packet type but never checks ackPkt.Timestamp. A MITM can capture one ACK, drop all subsequent DATA packets, and replay the stale ACK indefinitely. Primary advances PSK each rotation, backup stays on key 1, tunnel breaks. No PSK knowledge needed. The server side already has this check, the client does not. Fix: mirror the timestamp check already present on the server side.

2) Empty PQC key file silently accepted: repositories/pqc.go:29 os.ReadFile follows symlinks. Empty file to base64.Decode("") = []byte{}, nil. HKDF runs on the QKD key alone while arnika logs [OK] HKDF derivation completed for QKD+PQC key. Requires write access to the directory containing PQC_PSK_FILE. Fix: validate decoded key is non-empty before derivation; enforce parent directory permissions in SECURITY.md.

3) InsecureSkipVerify: true hardcoded: repositories/kms.go:61 KMS HTTP client unconditionally sets InsecureSkipVerify: true, overriding RootCAs. CA_CERTIFICATE is loaded but never consulted (dead code). Requires MITM between arnika and the KMS endpoint, which in typical deployments are co-located. Fix: remove the flag; RootCAs already holds the correct pool when CA_CERTIFICATE is configured.

PoC

See arnika_exploit.tar.gz. PoC shows observable behavior for each attack; the third one (KMS MITM) needs no custom code, any HTTPS proxy with a self-signed cert is enough.

Impact

Issues require network MITM or local directory write access to exploit. No direct key extraction or code execution. Primary impact is tunnel desync and silent security downgrade in hybrid QKD+PQC mode.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 1.0.0"
      },
      "package": {
        "ecosystem": "Go",
        "name": "github.com/arnika-project/arnika"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.0.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-294",
      "CWE-295",
      "CWE-345"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-15T18:13:57Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\nThree medium-severity issues in arnika affecting the UDP key-rotation protocol, PQC key file handling, and KMS TLS client. All require specific preconditions to exploit and do not allow direct code execution or immediate key extraction. A self-contained PoC is attached.\n\n### Details\n1) ACK timestamp not validated: `udpserver.go:185`\n`udpClient()` verifies HMAC and packet type but never checks `ackPkt.Timestamp`. A MITM can capture one ACK, drop all subsequent DATA packets, and replay the stale ACK indefinitely. Primary advances PSK each rotation, backup stays on key 1, tunnel breaks. No PSK knowledge needed. The server side already has this check, the client does not.\n**Fix**: mirror the timestamp check already present on the server side.\n\n2) Empty PQC key file silently accepted: `repositories/pqc.go:29`\n`os.ReadFile` follows symlinks. Empty file to `base64.Decode(\"\") = []byte{}, nil`. HKDF runs on the QKD key alone while arnika logs `[OK] HKDF derivation completed for QKD+PQC key`. Requires write access to the directory containing `PQC_PSK_FILE`.\n**Fix**: validate decoded key is non-empty before derivation; enforce parent directory permissions in `SECURITY.md`.\n\n3) `InsecureSkipVerify: true` hardcoded: `repositories/kms.go:61`\nKMS HTTP client unconditionally sets `InsecureSkipVerify: true`, overriding `RootCAs`. `CA_CERTIFICATE` is loaded but never consulted (dead code). Requires MITM between arnika and the KMS endpoint, which in typical deployments are co-located.\n**Fix**: remove the flag; `RootCAs` already holds the correct pool when `CA_CERTIFICATE` is configured.\n\n### PoC\nSee [arnika_exploit.tar.gz](https://github.com/user-attachments/files/27585454/arnika_exploit.tar.gz). PoC shows observable behavior for each attack; the third one (KMS MITM) needs no custom code, any HTTPS proxy with a self-signed cert is enough.\n\n### Impact\nIssues require network MITM or local directory write access to exploit. No direct key extraction or code execution. Primary impact is tunnel desync and silent security downgrade in hybrid QKD+PQC mode.",
  "id": "GHSA-rc6v-5rmx-w5mv",
  "modified": "2026-06-09T10:34:05Z",
  "published": "2026-05-15T18:13:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/arnika-project/arnika/security/advisories/GHSA-rc6v-5rmx-w5mv"
    },
    {
      "type": "WEB",
      "url": "https://github.com/arnika-project/arnika/commit/efbd980d8b636cb59f60f2d6ece1b80a9cf36535"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/arnika-project/arnika"
    },
    {
      "type": "WEB",
      "url": "https://github.com/arnika-project/arnika/releases/tag/v1.0.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "arnika is affected by medium-severity issues in UDP rotation, PQC handling, and KMS TLS"
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.