CWE-295

Improper Certificate Validation

BaseDraft

Description

The product does not validate, or incorrectly validates, a certificate.

Hierarchy (View 1000)

Parents

CWE-287

Children

Related attack patterns (CAPEC)

CAPEC-459 · CAPEC-475

CVEs mapped to this weakness (377)

page 14 of 19

CVE	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2016-4467	Med	0.38	5.9	0.00	May 2, 2017	The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when using the SChannel-based security layer, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.
CVE-2017-2110	Med	0.38	5.9	0.00	Apr 28, 2017	The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-1519	Med	0.38	5.9	0.00	Apr 21, 2017	The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate.
CVE-2016-1221	Med	0.38	5.9	0.00	Apr 21, 2017	Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-1210	Med	0.38	5.9	0.00	Apr 21, 2017	The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2016-1198	Med	0.38	5.9	0.00	Apr 21, 2017	Photopt for Android before 2.0.1 does not verify SSL certificates.
CVE-2016-1186	Med	0.38	5.9	0.01	Apr 21, 2017	Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL server certificates.
CVE-2016-4840	Med	0.38	5.9	0.01	Apr 21, 2017	Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus App for iOS 1.0.2 and earlier do not verify SSL certificates.
CVE-2016-4832	Med	0.38	5.9	0.00	Apr 21, 2017	WAON "Service Application" for Android 1.4.1 and earlier does not verify SSL certificates.
CVE-2016-4830	Med	0.38	5.9	0.01	Apr 21, 2017	Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android 2.1.16.1 and earlier do not verify SSL certificates.
CVE-2016-4829	Med	0.38	5.9	0.00	Apr 21, 2017	DMM Movie Player App for Android before 1.2.1, and DMM Movie Player App for iPhone/iPad before 2.1.3 does not verify SSL certificates.
CVE-2016-1184	Med	0.38	5.9	0.00	Apr 21, 2017	Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for iOS before 1.4 do not validate SSL certificates.
CVE-2016-4818	Med	0.38	5.9	0.01	Apr 20, 2017	DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for Android 1.5.0 and earlier, and GAITAMEJAPAN FX Trade for Android 1.4.0 and earlier do not verify SSL certificates.
CVE-2016-9319	Med	0.38	5.9	0.00	Mar 31, 2017	There is Missing SSL Certificate Validation in the Trend Micro Enterprise Mobile Security Android Application before 9.7.1193, aka VRTS-398.
CVE-2016-9892	Med	0.38	5.9	0.00	Mar 2, 2017	The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root.
CVE-2012-5821	Med	0.38	5.9	0.00	Nov 4, 2012	Lynx does not verify that the server's certificate is signed by a trusted certification authority, which allows man-in-the-middle attackers to spoof SSL servers via a crafted certificate, related to improper use of a certain GnuTLS function.
CVE-2012-5810	Med	0.38	5.9	0.00	Nov 4, 2012	The Chase mobile banking application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to overriding the default X509TrustManager. NOTE: this vulnerability was fixed in the summer of 2012, but the version number was not changed or is not known.
CVE-2011-0199	Med	0.38	5.9	0.00	Jun 24, 2011	The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 does not perform CRL checking for Extended Validation (EV) certificates that lack OCSP URLs, which might allow man-in-the-middle attackers to spoof an SSL server via a revoked certificate.
CVE-2009-2408	Med	0.38	5.9	0.02	Jul 30, 2009	Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.
CVE-2008-4989	Med	0.38	5.9	0.00	Nov 13, 2008	The _gnutls_x509_verify_certificate function in lib/x509/verify.c in libgnutls in GnuTLS before 2.6.1 trusts certificate chains in which the last certificate is an arbitrary trusted, self-signed certificate, which allows man-in-the-middle attackers to insert a spoofed certificate for any Distinguished Name (DN).