VYPR

CWE-295

Improper Certificate Validation

Base · Draft

Description

The product does not validate, or incorrectly validates, a certificate.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-459 · CAPEC-475

CVEs mapped to this weakness (720)

  • CVE-2018-12608 · High · Sep 10, 2018
    risk 0.42 · cvss 7.5 · epss 0.01

    An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a…

  • CVE-2017-12195 · Medium · Jul 27, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    A flaw was found in all Openshift Enterprise versions using the openshift elasticsearch plugin. An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires…

  • CVE-2017-2639 · Medium · Jul 27, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    It was found that CloudForms does not verify that the server hostname matches the domain name in the certificate when using a custom CA and communicating with Red Hat Virtualization (RHEV) and OpenShift. This would allow an attacker to spoof RHEV or OpenShift systems and…

  • CVE-2018-6374 · Medium · Jan 31, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set.

  • CVE-2015-2319 · High · Jan 8, 2018
    risk 0.42 · cvss 7.5 · epss 0.03

    The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204.

  • CVE-2014-3250 · Medium · Dec 11, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certificate when a Puppet master runs with Apache 2.4.

  • CVE-2016-1252 · Medium · Dec 5, 2017
    risk 0.42 · cvss 5.9 · epss 0.07

    The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a…

  • CVE-2017-1000097 · High · Oct 5, 2017
    risk 0.42 · cvss 7.5 · epss 0.01

    On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.

  • CVE-2017-7971 · Medium · Sep 26, 2017
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SSL Certificate.

  • CVE-2013-6662 · Medium · Apr 13, 2017
    risk 0.42 · cvss 6.5 · epss 0.00

    Google Chrome caches TLS sessions before certificate validation occurs.

  • CVE-2013-7450 · High · Apr 3, 2017
    risk 0.42 · cvss 7.5 · epss 0.01

    Pulp before 2.3.0 uses the same certificate authority key and certificate for all installations.

  • CVE-2026-41132 · High · May 13, 2026
    risk 0.41 · cvss 7.4 · epss 0.00

    CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate (e.g. self-signed), leaving credentials and all emails sent open to MITM attacks. This…

  • CVE-2026-42011 · High · May 7, 2026
    risk 0.41 · cvss 7.4 · epss 0.00

    A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during…

  • CVE-2026-32144 · High · Apr 7, 2026
    risk 0.41 · cvss 7.4 · epss 0.00

    Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder authorization bypass via missing signature verification. The OCSP response validation in public_key:pkix_ocsp_validate/5 does not verify that a…

  • CVE-2026-33896 · High · Mar 27, 2026
    risk 0.41 · cvss 7.4 · epss 0.00

    Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraints requirements when an intermediate certificate lacks both the…

  • CVE-2019-12098 · High · May 15, 2019
    risk 0.41 · cvss 7.4 · epss 0.02

    In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5_init_creds_step in lib/krb5/init_creds_pw.c.

  • CVE-2018-1999025 · High · Aug 1, 2018
    risk 0.41 · cvss 7.4 · epss 0.01

    A man in the middle vulnerability exists in Jenkins TraceTronic ECU-TEST Plugin 2.3 and earlier in ATXPublisher.java, ATXValidator.java that allows attackers to impersonate any service that Jenkins connects to.

  • CVE-2026-0248 · Medium · May 13, 2026
    risk 0.40 · cvss · epss 0.00

    An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate…

  • CVE-2026-1777 · High · Feb 2, 2026
    risk 0.40 · cvss 7.2 · epss 0.00

    The Amazon SageMaker Python SDK before v3.2.0 and v2.256.0 includes the ModelBuilder HMAC signing key in the cleartext response elements of the DescribeTrainingJob function. A third party with permissions to both call this API and permissions to modify objects in the Training…

  • CVE-2026-42012 · High · May 26, 2026
    risk 0.39 · cvss 7.1 · epss 0.00

    A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to…