CWE-599
Missing Validation of OpenSSL Certificate
The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.
Status
incomplete
Abstraction
variant
Affected Platforms
Technical Details
Common Consequences
confidentiality
access control
Impacts
read application data
bypass protection mechanism
gain privileges or assume identity
Potential Mitigations
Phases:
architecture and design
implementation
Descriptions:
• Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications.
• Ensure that proper authentication is included in the system design.