CWE-295
Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
Status
draft
Abstraction
base
Affected Platforms
Mobile
Not Technology-Specific
Web Based
Common Consequences
integrity
authentication
Impacts
bypass protection mechanism
gain privileges or assume identity
Detection Methods
automated static analysis - binary or bytecode
manual static analysis - binary or bytecode
dynamic analysis with automated results interpretation
dynamic analysis with manual results interpretation
manual static analysis - source code
automated static analysis - source code
architecture or design review
Potential Mitigations
Phases:
architecture and design
implementation
Descriptions:
• If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
• Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
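As an added illustration (not part of the CWE entry), the following Python code shows a TLS client configuration that exhibits this weakness beside a hardened one, plus a small audit helper a reviewer can run over an ssl.SSLContext to flag the settings that disable chain or hostname validation; the function names and the audit messages are assumptions chosen for the example.

```python
# Added example for CWE-295: weak vs. hardened TLS client contexts, and an
# audit helper that reports the settings that disable certificate validation.
import ssl
from typing import List, Optional


def weak_context() -> ssl.SSLContext:
    """Vulnerable pattern: neither the chain nor the hostname is checked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be cleared before verify_mode can be set to CERT_NONE
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, including self-signed, is accepted
    return ctx


def hardened_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Hardened pattern: chain validated against trusted CAs, hostname enforced.

    create_default_context() sets verify_mode=CERT_REQUIRED and
    check_hostname=True; ca_bundle optionally points at a private CA file.
    """
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return a list of findings describing CWE-295 style weaknesses in ctx.

    An empty list means the context validates the peer's chain and hostname.
    """
    findings: List[str] = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("verify_mode is CERT_NONE: the peer certificate chain is not validated")
    elif ctx.verify_mode == ssl.CERT_OPTIONAL:
        findings.append("verify_mode is CERT_OPTIONAL: a missing peer certificate is accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: the certificate is not matched to the hostname")
    return findings


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit_context(ctx) or ["no findings"])
```

Running the audit over both contexts reports two findings for the weak one and none for the hardened one.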