CWE-295
Improper Certificate Validation
Description
The product does not validate, or incorrectly validates, a certificate.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-459 · CAPEC-475
CVEs mapped to this weakness (720)
page 15 of 36

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2014-3607 | — | Med | 0.38 | 5.9 | 0.01 | | Jan 8, 2018 | DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid… |
| CVE-2017-17718 | — | Med | 0.38 | 5.9 | 0.01 | | Dec 17, 2017 | The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL Certificate Validation. |
| CVE-2017-17716 | — | Med | 0.38 | 5.9 | 0.01 | | Dec 17, 2017 | GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap library and the… |
| CVE-2017-1000209 | — | Med | 0.38 | 5.9 | 0.01 | | Nov 17, 2017 | The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary… |
| CVE-2014-2845 | — | Med | 0.38 | 5.9 | 0.01 | | Nov 15, 2017 | Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root Certification Authority. |
| CVE-2017-2913 | — | Med | 0.38 | 5.9 | 0.01 | | Nov 7, 2017 | An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to… |
| CVE-2014-7242 | — | Med | 0.38 | 5.9 | 0.01 | | Oct 18, 2017 | The SumaHo application 3.0.0 and earlier for Android and the SumaHo "driving capability" diagnosis result transmission application 1.2.2 and earlier for Android allow man-in-the-middle attackers to spoof servers and obtain sensitive information by leveraging failure to verify… |
| CVE-2014-3706 | — | Med | 0.38 | 5.9 | 0.01 | | Oct 18, 2017 | ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates. |
| CVE-2015-6358 | — | Med | 0.38 | 5.9 | 0.01 | | Oct 12, 2017 | Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys… |
| CVE-2015-7778 | — | Med | 0.38 | 5.9 | 0.01 | | Oct 10, 2017 | Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attackers to perform man-in-the-middle attacks. |
| CVE-2017-12228 | — | Med | 0.38 | 5.9 | 0.01 | | Sep 29, 2017 | A vulnerability in the Cisco Network Plug and Play application of Cisco IOS 12.4 through 15.6 and Cisco IOS XE 3.3 through 16.4 could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data by using an invalid certificate. The vulnerability is due… |
| CVE-2015-0874 | — | Med | 0.38 | 5.9 | 0.01 | | Sep 26, 2017 | Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate. |
| CVE-2015-7785 | — | Med | 0.38 | 5.9 | 0.01 | | Sep 25, 2017 | GANMA! App for iOS does not verify SSL certificates. |
| CVE-2015-5666 | — | Med | 0.38 | 5.9 | 0.01 | | Sep 25, 2017 | ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and earlier does not verify SSL certificates. |
| CVE-2016-10511 | — | Med | 0.38 | 5.9 | 0.01 | | Sep 18, 2017 | The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and potentially enable… |
| CVE-2017-14420 | — | Med | 0.38 | 5.9 | 0.01 | | Sep 13, 2017 | The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and… |
| CVE-2017-14419 | — | Med | 0.38 | 5.9 | 0.01 | | Sep 13, 2017 | The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even though a TCP relay service… |
| CVE-2015-2943 | — | Med | 0.38 | 5.9 | 0.01 | | Sep 6, 2017 | Honda Moto LINC 1.6.1 does not verify SSL certificates. |
| CVE-2015-0210 | — | Med | 0.38 | 5.9 | 0.01 | | Aug 28, 2017 | wpa_supplicant 2.0-16 does not properly check certificate subject name, which allows remote attackers to cause a man-in-the-middle attack. |
| CVE-2015-2674 | — | Med | 0.38 | 5.9 | 0.01 | | Aug 9, 2017 | Restkit allows man-in-the-middle attackers to spoof TLS servers by leveraging use of the ssl.wrap_socket function in Python with the default CERT_NONE value for the cert_reqs argument. |