Common Weakness Enumeration

CWE-295

Allowed

Improper Certificate Validation

Abstraction: Base · Status: Draft

The product does not validate, or incorrectly validates, a certificate.

1908 vulnerabilities reference this CWE, most recent first.

GHSA-RPJ2-W6FR-79HC

Vulnerability from github – Published: 2022-08-24 00:00 – Updated: 2025-06-30 21:46
VLAI
Summary
Keycloak vulnerable to Improper Certificate Validation
Details

keycloak accepts an expired certificate by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.

This issue was partially fixed in version 13.0.1 and more completely fixed in version 14.0.0.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.keycloak:keycloak-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "14.0.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-35509"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-05T23:03:56Z",
    "nvd_published_at": "2022-08-23T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "keycloak accepts an expired certificate by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.\n\nThis issue was partially fixed in version [13.0.1](https://github.com/keycloak/keycloak/pull/6330) and more completely fixed in version [14.0.0](https://github.com/keycloak/keycloak/pull/8067).",
  "id": "GHSA-rpj2-w6fr-79hc",
  "modified": "2025-06-30T21:46:07Z",
  "published": "2022-08-24T00:00:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35509"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/pull/6330"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/pull/8067"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/commit/478319348bdfdb9b6d39122f41edf2af79f679bb"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/cve-2020-35509"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912427"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/keycloak/keycloak"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keycloak/keycloak/blob/4f330f4a57cbfcf6202b60546518261c66e59a35/services/src/main/java/org/keycloak/authentication/authenticators/x509/ValidateX509CertificateUsername.java#L74-L76"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Keycloak vulnerable to Improper Certificate Validation"
}

GHSA-RPMM-5Q5G-56VF

Vulnerability from github – Published: 2022-05-14 03:47 – Updated: 2022-05-14 03:47
VLAI
Details

The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2015-2319"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-08T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the \"FREAK\" issue, a different vulnerability than CVE-2015-0204.",
  "id": "GHSA-rpmm-5q5g-56vf",
  "modified": "2022-05-14T03:47:43Z",
  "published": "2022-05-14T03:47:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-2319"
    },
    {
      "type": "WEB",
      "url": "https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202869"
    },
    {
      "type": "WEB",
      "url": "https://mitls.org/pages/attacks/SMACK#freak"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2015/dsa-3202"
    },
    {
      "type": "WEB",
      "url": "http://www.mono-project.com/news/2015/03/07/mono-tls-vulnerability"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2015/03/17/9"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/73250"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2547-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RPX3-3F8J-F6V2

Vulnerability from github – Published: 2026-05-13 18:30 – Updated: 2026-05-13 18:30
VLAI
Details

aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8367"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-13T16:17:04Z",
    "severity": "MODERATE"
  },
  "details": "aria2c accepts a server certificate with incorrect Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication.",
  "id": "GHSA-rpx3-3f8j-f6v2",
  "modified": "2026-05-13T18:30:57Z",
  "published": "2026-05-13T18:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8367"
    },
    {
      "type": "WEB",
      "url": "https://www.tenable.com/security/research/tra-2026-38"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RQMR-F8R9-69WQ

Vulnerability from github – Published: 2024-08-05 15:30 – Updated: 2024-09-25 03:30
VLAI
Details

A flaw was found in libnbd. The client did not always correctly verify the NBD server's certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7383"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-05T14:15:35Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in libnbd. The client did not always correctly verify the NBD server\u0027s certificate when using TLS to connect to an NBD server. This issue allows a man-in-the-middle attack on NBD traffic.",
  "id": "GHSA-rqmr-f8r9-69wq",
  "modified": "2024-09-25T03:30:35Z",
  "published": "2024-08-05T15:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7383"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6757"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:6964"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-7383"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302865"
    },
    {
      "type": "WEB",
      "url": "https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/message/LHR3BW6RJ7K4BJBQIYV3GTZLSY27VZO2"
    },
    {
      "type": "WEB",
      "url": "https://lists.libguestfs.org/archives/list/guestfs@lists.libguestfs.org/thread/ENZY4LHLARA3N4C3JUNLPYUCXHFO7BWQ"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RR3P-5FCF-V5M3

Vulnerability from github – Published: 2023-06-14 15:30 – Updated: 2024-01-30 23:13
VLAI
Summary
SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin
Details

Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2022.4.3"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "com.checkmarx.jenkins:checkmarx"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2023.2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-35142"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-30T23:13:05Z",
    "nvd_published_at": "2023-06-14T13:15:11Z",
    "severity": "HIGH"
  },
  "details": "Jenkins Checkmarx Plugin 2022.4.3 and earlier disables SSL/TLS validation for connections to the Checkmarx server by default.",
  "id": "GHSA-rr3p-5fcf-v5m3",
  "modified": "2024-01-30T23:13:05Z",
  "published": "2023-06-14T15:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35142"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2023-06-14/#SECURITY-2870"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2023/06/14/5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SSL/TLS certificate validation disabled by default in Jenkins Checkmarx Plugin"
}

GHSA-RRGX-WGV5-5HF9

Vulnerability from github – Published: 2026-06-15 21:30 – Updated: 2026-06-16 15:33
VLAI
Details

In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication (because of KeyUsage and ExtendedKeyUsage).

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45388"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-15T20:16:28Z",
    "severity": "CRITICAL"
  },
  "details": "In OCaml-TLS before 2.1.0, the client implementation does insufficient checks of the certificate provided by the server, which allows impersonation with certificates that are not meant for server authentication (because of KeyUsage and ExtendedKeyUsage).",
  "id": "GHSA-rrgx-wgv5-5hf9",
  "modified": "2026-06-16T15:33:47Z",
  "published": "2026-06-15T21:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45388"
    },
    {
      "type": "WEB",
      "url": "https://osv.dev/vulnerability/OSEC-2026-06"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RRRJ-WQPH-2CMR

Vulnerability from github – Published: 2022-05-24 16:48 – Updated: 2022-05-24 16:48
VLAI
Details

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2019-7229"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295",
      "CWE-494"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-06-24T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: \"Utilization of USB/SD Card to flash the device\" and \"Remote provisioning process via ABB Panel Builder 600 over FTP.\" Neither of these transmission methods implements any form of encryption or authenticity checks against the new firmware HMI software binary files.",
  "id": "GHSA-rrrj-wqph-2cmr",
  "modified": "2022-05-24T16:48:37Z",
  "published": "2022-05-24T16:48:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7229"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010376\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=3ADR010402\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    },
    {
      "type": "WEB",
      "url": "https://www.darkmatter.ae/xen1thlabs/abb-hmi-absence-of-signature-verification-vulnerability-xl-19-005"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/153387/ABB-HMI-Missing-Signature-Verification.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2019/Jun/34"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-RVC6-CVQ7-4G2Q

Vulnerability from github – Published: 2023-03-29 21:30 – Updated: 2023-04-05 15:30
VLAI
Details

This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-27644"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-29T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797.",
  "id": "GHSA-rvc6-cvq7-4g2q",
  "modified": "2023-04-05T15:30:23Z",
  "published": "2023-03-29T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27644"
    },
    {
      "type": "WEB",
      "url": "https://kb.netgear.com/000064721/Security-Advisory-for-Multiple-Vulnerabilities-on-Multiple-Products-PSV-2021-0324"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-22-520"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-RVCJ-9XFM-M9HR

Vulnerability from github – Published: 2024-06-25 15:31 – Updated: 2025-12-23 18:30
VLAI
Details

Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification

LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to convert, view or otherwise interact with documents.

LibreOffice internally makes use of "curl" to fetch remote resources such as images hosted on webservers.

In affected versions of LibreOffice, when used in LibreOfficeKit mode only, then curl's TLS certification verification was disabled (CURLOPT_SSL_VERIFYPEER of false)

In the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true.

This issue affects LibreOffice before version 24.2.4.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-5261"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-06-25T13:15:50Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Certificate Validation vulnerability in LibreOffice \"LibreOfficeKit\" mode disables TLS certification verification\n\nLibreOfficeKit can be used for accessing LibreOffice functionality \nthrough C/C++. Typically this is used by third party components to reuse\n LibreOffice as a library to convert, view or otherwise interact with \ndocuments.\n\nLibreOffice internally makes use of \"curl\" to fetch remote resources such as images hosted on webservers.\n\nIn\n affected versions of LibreOffice, when used in LibreOfficeKit mode \nonly, then curl\u0027s TLS certification verification was disabled \n(CURLOPT_SSL_VERIFYPEER of false)\n\nIn the fixed versions curl operates in LibreOfficeKit mode the same as in standard mode with CURLOPT_SSL_VERIFYPEER of true.\n\nThis issue affects LibreOffice before version 24.2.4.",
  "id": "GHSA-rvcj-9xfm-m9hr",
  "modified": "2025-12-23T18:30:19Z",
  "published": "2024-06-25T15:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5261"
    },
    {
      "type": "WEB",
      "url": "https://www.libreoffice.org/about-us/security/advisories/cve-2024-5261"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-RVPR-922X-MXGG

Vulnerability from github – Published: 2025-11-13 15:30 – Updated: 2025-11-13 15:30
VLAI
Details

Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-30669"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-295"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-13T15:15:51Z",
    "severity": "MODERATE"
  },
  "details": "Improper certificate validation in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via adjacent access.",
  "id": "GHSA-rvpr-922x-mxgg",
  "modified": "2025-11-13T15:30:31Z",
  "published": "2025-11-13T15:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-30669"
    },
    {
      "type": "WEB",
      "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-25044"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Mitigation
Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

CAPEC-459: Creating a Rogue Certification Authority Certificate

An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.

CAPEC-475: Signature Spoofing by Improper Validation

An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.