CWE-295
AllowedImproper Certificate Validation
Abstraction: Base · Status: Draft
The product does not validate, or incorrectly validates, a certificate.
1908 vulnerabilities reference this CWE, most recent first.
GHSA-2FVW-PPFC-CM77
Vulnerability from github – Published: 2023-10-09 12:30 – Updated: 2024-04-04 08:26In JetBrains Ktor before 2.3.5 server certificates were not verified
{
"affected": [],
"aliases": [
"CVE-2023-45613"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-09T11:15:11Z",
"severity": "CRITICAL"
},
"details": "In JetBrains Ktor before 2.3.5 server certificates were not verified",
"id": "GHSA-2fvw-ppfc-cm77",
"modified": "2024-04-04T08:26:01Z",
"published": "2023-10-09T12:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-45613"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2G28-JXX8-MJ9H
Vulnerability from github – Published: 2022-05-14 03:07 – Updated: 2025-04-20 03:46On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.
{
"affected": [],
"aliases": [
"CVE-2017-1000097"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-05T01:29:00Z",
"severity": "HIGH"
},
"details": "On Darwin, user\u0027s trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.",
"id": "GHSA-2g28-jxx8-mj9h",
"modified": "2025-04-20T03:46:19Z",
"published": "2022-05-14T03:07:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000097"
},
{
"type": "WEB",
"url": "https://github.com/golang/go/issues/18141"
},
{
"type": "WEB",
"url": "https://go-review.googlesource.com/c/33721"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ"
},
{
"type": "WEB",
"url": "https://groups.google.com/forum/#%21msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2H32-H397-QGV2
Vulnerability from github – Published: 2023-12-12 15:30 – Updated: 2023-12-14 21:31An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.
{
"affected": [],
"aliases": [
"CVE-2020-12614"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-12T15:15:07Z",
"severity": "HIGH"
},
"details": "An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator.",
"id": "GHSA-2h32-h397-qgv2",
"modified": "2023-12-14T21:31:15Z",
"published": "2023-12-12T15:30:59Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-12614"
},
{
"type": "WEB",
"url": "https://www.beyondtrust.com/support/changelog/privilege-management-for-windows-5-6-sr1"
},
{
"type": "WEB",
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-10"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2H34-774G-95VX
Vulnerability from github – Published: 2022-05-17 00:35 – Updated: 2022-05-17 00:35The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
{
"affected": [],
"aliases": [
"CVE-2015-3420"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-09-19T15:29:00Z",
"severity": "MODERATE"
},
"details": "The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.",
"id": "GHSA-2h34-774g-95vx",
"modified": "2022-05-17T00:35:10Z",
"published": "2022-05-17T00:35:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3420"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216057"
},
{
"type": "WEB",
"url": "https://dovecot.org/pipermail/dovecot-news/2015-May/000292.html"
},
{
"type": "WEB",
"url": "https://dovecot.org/pipermail/dovecot/2015-April/100618.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157030.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158236.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158261.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/04/27/1"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/04/28/4"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/74335"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-2H95-4XW9-M68J
Vulnerability from github – Published: 2022-05-13 01:31 – Updated: 2024-01-09 17:59An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.10"
},
"package": {
"ecosystem": "Maven",
"name": "org.jenkins-ci.plugins:active-directory"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-1003009"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-09T17:59:20Z",
"nvd_published_at": "2019-02-06T16:29:00Z",
"severity": "HIGH"
},
"details": "An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/active_directory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/active_directory/ActiveDirectorySecurityRealm.java, src/main/java/hudson/plugins/active_directory/ActiveDirectoryUnixAuthenticationProvider.java that allows attackers to impersonate the Active Directory server Jenkins connects to for authentication if Jenkins is configured to use StartTLS.",
"id": "GHSA-2h95-4xw9-m68j",
"modified": "2024-01-09T17:59:20Z",
"published": "2022-05-13T01:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-1003009"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/active-directory-plugin/commit/520faf5bb1078d75e5fed10b7bf5ac6241fe2fc4"
},
{
"type": "PACKAGE",
"url": "https://github.com/jenkinsci/active-directory-plugin"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2019-01-28/#SECURITY-859"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Jenkins Active Directory Plugin Improper certificate validation with StartTLS"
}
GHSA-2HFG-HGHR-46WQ
Vulnerability from github – Published: 2023-02-07 00:30 – Updated: 2025-03-26 21:30BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.
{
"affected": [],
"aliases": [
"CVE-2022-46496"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-06T23:15:00Z",
"severity": "MODERATE"
},
"details": "BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.",
"id": "GHSA-2hfg-hghr-46wq",
"modified": "2025-03-26T21:30:50Z",
"published": "2023-02-07T00:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46496"
},
{
"type": "WEB",
"url": "https://labs.integrity.pt/advisories/cve-2022-46496"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2HGG-G6CR-365F
Vulnerability from github – Published: 2025-05-16 21:32 – Updated: 2025-05-17 03:30Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identity of the server. It negates the use of HTTPS as a secure channel, allowing for Man-in-the-Middle attacks, stealing sensitive information or modifying incoming and outgoing traffic. NOTE: This vulnerability is in an end-of-life product that is no longer maintained by the vendor.
{
"affected": [],
"aliases": [
"CVE-2025-32407"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-16T21:15:35Z",
"severity": "MODERATE"
},
"details": "Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identity of the server. It negates the use of HTTPS as a secure channel, allowing for Man-in-the-Middle attacks, stealing sensitive information or modifying incoming and outgoing traffic. NOTE: This vulnerability is in an end-of-life product that is no longer maintained by the vendor.",
"id": "GHSA-2hgg-g6cr-365f",
"modified": "2025-05-17T03:30:32Z",
"published": "2025-05-16T21:32:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32407"
},
{
"type": "WEB",
"url": "https://github.com/diegovargasj/CVE-2025-32407"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2J5Q-9JW8-9QJ5
Vulnerability from github – Published: 2026-07-01 18:31 – Updated: 2026-07-01 18:31A vulnerability was discovered on Stormshield Network Security 4.3.0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included)
A revoked client certificate can still be used to authenticate to the captive‑admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.
{
"affected": [],
"aliases": [
"CVE-2026-8480"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T16:16:53Z",
"severity": "MODERATE"
},
"details": "A vulnerability was discovered on Stormshield Network Security 4.3.0\u00a0 to 4.3.41 (included), 4.4.0 to 4.8.15 (included) , 5.0.2 EA to 5.0.5 (included)\n\n\n\nA revoked client certificate can still be used to authenticate to the captive\u2011admin portal, allowing an attacker who possesses the revoked certificate to gain administrative access.",
"id": "GHSA-2j5q-9jw8-9qj5",
"modified": "2026-07-01T18:31:51Z",
"published": "2026-07-01T18:31:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8480"
},
{
"type": "WEB",
"url": "https://advisories.stormshield.eu/2026-002"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-2J5W-CWC3-8HXW
Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2022-11-01 22:49Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.inflectra.spiratest.plugins:inflectra-spira-integration"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-16558"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-01T22:49:48Z",
"nvd_published_at": "2019-12-17T15:15:00Z",
"severity": "HIGH"
},
"details": "Jenkins Spira Importer Plugin 3.2.3 and earlier disables SSL/TLS certificate validation for the Jenkins master JVM.",
"id": "GHSA-2j5w-cwc3-8hxw",
"modified": "2022-11-01T22:49:48Z",
"published": "2022-05-24T17:03:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16558"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2019-12-17/#SECURITY-1580"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2019/12/17/1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Improper Certificate Validation in Jenkins Spira Importer Plugin"
}
GHSA-2J9R-F764-3C88
Vulnerability from github – Published: 2022-05-17 02:28 – Updated: 2025-04-20 03:39The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app before 3.2.0 -- aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
{
"affected": [],
"aliases": [
"CVE-2017-9599"
],
"database_specific": {
"cwe_ids": [
"CWE-295"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-16T12:29:00Z",
"severity": "MODERATE"
},
"details": "The \"Fountain Trust Mobile Banking\" by FOUNTAIN TRUST COMPANY app before 3.2.0 -- aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.",
"id": "GHSA-2j9r-f764-3c88",
"modified": "2025-04-20T03:39:14Z",
"published": "2022-05-17T02:28:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9599"
},
{
"type": "WEB",
"url": "https://itunes.apple.com/us/app/fountain-trust-mobile-banking/id891343006"
},
{
"type": "WEB",
"url": "https://medium.com/%40chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
},
{
"type": "WEB",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Mitigation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
CAPEC-459: Creating a Rogue Certification Authority Certificate
An adversary exploits a weakness resulting from using a hashing algorithm with weak collision resistance to generate certificate signing requests (CSR) that contain collision blocks in their "to be signed" parts. The adversary submits one CSR to be signed by a trusted certificate authority then uses the signed blob to make a second certificate appear signed by said certificate authority. Due to the hash collision, both certificates, though different, hash to the same value and so the signed blob works just as well in the second certificate. The net effect is that the adversary's second X.509 certificate, which the Certification Authority has never seen, is now signed and validated by that Certification Authority.
CAPEC-475: Signature Spoofing by Improper Validation
An adversary exploits a cryptographic weakness in the signature verification algorithm implementation to generate a valid signature without knowing the key.