CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-RPJ2-W6FR-79HC
Vulnerability from github – Published: 2022-08-24 00:00 – Updated: 2025-06-30 21:46{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "14.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-35509"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2022-12-05T23:03:56Z",
"nvd_published_at": "2022-08-23T16:15:00Z",
"severity": "MODERATE"
},
"details": "keycloak accepts an expired certificate by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.\n\nThis issue was partially fixed in version [13.0.1](https://github.com/keycloak/keycloak/pull/6330) and more completely fixed in version [14.0.0](https://github.com/keycloak/keycloak/pull/8067).",
"id": "GHSA-rpj2-w6fr-79hc",
"modified": "2025-06-30T21:46:07Z",
"published": "2022-08-24T00:00:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35509"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/pull/6330"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/pull/8067"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bb"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/cve-2020-35509"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912427"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/blob/4f330f4a57cbfcf6202b60546518261c66e59a35/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java#L74-L76"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Keycloak vulnerable to Improper Certificate Validation"
}
GHSA-RPMM-5Q5G-56VF
Vulnerability from github – Published: 2022-05-14 03:47 – Updated: 2022-05-14 03:47The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.
{
"affected": [],
"aliases": [
"CVE-2015-2319"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-01-08T19:29:00Z",
"severity": "HIGH"
},
"details": "The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204.",
"id": "GHSA-rpmm-5q5g-56vf",
"modified": "2022-05-14T03:47:43Z",
"published": "2022-05-14T03:47:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2319"
},
{
"type": "WEB",
"url": "https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869"
},
{
"type": "WEB",
"url": "https://mitls.org/pages/attacks/SMACK#freak"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2015/dsa-3202"
},
{
"type": "WEB",
"url": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/03/17/9"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/73250"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2547-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RPX3-3F8J-F6V2
Vulnerability from github – Published: 2026-05-13 18:30 – Updated: 2026-05-13 18:30aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.
{
"affected": [],
"aliases": [
"CVE-2026-8367"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-13T16:17:04Z",
"severity": "MODERATE"
},
"details": "aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.",
"id": "GHSA-rpx3-3f8j-f6v2",
"modified": "2026-05-13T18:30:57Z",
"published": "2026-05-13T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8367"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2026-38"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RQMR-F8R9-69WQ
Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-09-25 03:30A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.
{
"affected": [],
"aliases": [
"CVE-2024-7383"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-05T14:15:35Z",
"severity": "MODERATE"
},
"details": "A flaw was found in libnbd. The client did not always correctly verify the NBD server\u0027s certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.",
"id": "GHSA-rqmr-f8r9-69wq",
"modified": "2024-09-25T03:30:35Z",
"published": "2024-08-05T15:30:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7383"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6757"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:6964"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-7383"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302865"
},
{
"type": "WEB",
"url": "https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/message/LHR3BW6RJ7K4BJBQIYV3GTZLSY27VZO2"
},
{
"type": "WEB",
"url": "https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/ENZY4LHLARA3N4C3JUNLPYUCXHFO7BWQ"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RR3P-5FCF-V5M3
Vulnerability from github – Published: 2023-06-14 15:30 – Updated: 2024-01-30 23:13Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2022.4.3"
},
"package": {
"ecosystem": "Maven",
"name": "com.checkmarx.jenkins:checkmarx"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2023.2.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-35142"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-30T23:13:05Z",
"nvd_published_at": "2023-06-14T13:15:11Z",
"severity": "HIGH"
},
"details": "Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default.",
"id": "GHSA-rr3p-5fcf-v5m3",
"modified": "2024-01-30T23:13:05Z",
"published": "2023-06-14T15:30:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35142"
},
{
"type": "WEB",
"url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-2870"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2023/06/14/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin"
}
GHSA-RRGX-WGV5-5HF9
Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-16 15:33In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication (because of KeyUsage and ExtendedKeyUsage).
{
"affected": [],
"aliases": [
"CVE-2026-45388"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-15T20:16:28Z",
"severity": "CRITICAL"
},
"details": "In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication (because of KeyUsage and ExtendedKeyUsage).",
"id": "GHSA-rrgx-wgv5-5hf9",
"modified": "2026-06-16T15:33:47Z",
"published": "2026-06-15T21:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45388"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/OSEC-2026-06"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-RRRJ-WQPH-2CMR
Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2022-05-24 16:48The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files.
{
"affected": [],
"aliases": [
"CVE-2019-7229"
],
"database_specific": {
"cwe_ids": [
"CWE-295",
"CWE-494"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-06-24T18:15:00Z",
"severity": "HIGH"
},
"details": "The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: \"Utilization of USB/SD Card to flash the device\" and \"Remote provisioning process via ABB Panel Builder 600 over FTP.\" Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files.",
"id": "GHSA-rrrj-wqph-2cmr",
"modified": "2022-05-24T16:48:37Z",
"published": "2022-05-24T16:48:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7229"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"type": "WEB",
"url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"type": "WEB",
"url": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-absence-of-signature-verification-vulnerability-xl-19-005"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/153387/ABB-HMI-Missing-Signature-Verification.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2019/Jun/34"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-RVC6-CVQ7-4G2Q
Vulnerability from github – Published: 2023-03-29 21:30 – Updated: 2023-04-05 15:30This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.
{
"affected": [],
"aliases": [
"CVE-2022-27644"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-29T19:15:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.",
"id": "GHSA-rvc6-cvq7-4g2q",
"modified": "2023-04-05T15:30:23Z",
"published": "2023-03-29T21:30:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27644"
},
{
"type": "WEB",
"url": "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324"
},
{
"type": "WEB",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-22-520"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RVCJ-9XFM-M9HR
Vulnerability from github – Published: 2024-06-25 15:31 – Updated: 2025-12-23 18:30Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification
LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents.
LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on webservers.
In affected versions of LibreOffice, when used in LibreOfficeKit mode only, then curl's TLS certification verification was disabled (CURLOPT_SSL_VERIFYPEER of false)
In the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true.
This issue affects LibreOffice before version 24.2.4.
{
"affected": [],
"aliases": [
"CVE-2024-5261"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-25T13:15:50Z",
"severity": "CRITICAL"
},
"details": "Improper Certificate Validation vulnerability in LibreOffice \"LibreOfficeKit\" mode disables TLS certification verification\n\nLibreOfficeKit can be used for accessing LibreOffice functionality \nthrough C/C++. Typically this is used by third party components to reuse\n LibreOffice as a library to convert, view or otherwise interact with \ndocuments.\n\nLibreOffice internally makes use of \"curl\" to fetch remote resources such as images hosted on webservers.\n\nIn\n affected versions of LibreOffice, when used in LibreOfficeKit mode \nonly, then curl\u0027s TLS certification verification was disabled \n(CURLOPT_SSL_VERIFYPEER of false)\n\nIn the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true.\n\nThis issue affects LibreOffice before version 24.2.4.",
"id": "GHSA-rvcj-9xfm-m9hr",
"modified": "2025-12-23T18:30:19Z",
"published": "2024-06-25T15:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5261"
},
{
"type": "WEB",
"url": "https://www.libreoffice.org/about-us/security/advisories/cve-2024-5261"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-RVPR-922X-MXGG
Vulnerability from github – Published: 2025-11-13 15:30 – Updated: 2025-11-13 15:30Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.
{
"affected": [],
"aliases": [
"CVE-2025-30669"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-13T15:15:51Z",
"severity": "MODERATE"
},
"details": "Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.",
"id": "GHSA-rvpr-922x-mxgg",
"modified": "2025-11-13T15:30:31Z",
"published": "2025-11-13T15:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30669"
},
{
"type": "WEB",
"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25044"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.