CWE-295
Improper Certificate Validation
BaseDraft
Description
The product does not validate, or incorrectly validates, a certificate.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-459 · CAPEC-475
CVEs mapped to this weakness (377)
page 3 of 19| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-15114 | Hig | 0.53 | 8.1 | 0.01 | Nov 27, 2017 | When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is equivalent to root access). If a vulnerability exists in another service it could, combined with this flaw, be exploited to escalate privileges to gain control over compute nodes. | |
| CVE-2017-1000256 | Hig | 0.53 | 8.1 | 0.01 | Oct 31, 2017 | libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default. | |
| CVE-2015-5263 | Hig | 0.53 | 8.1 | 0.00 | Sep 25, 2017 | pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. | |
| CVE-2017-8059 | Hig | 0.53 | 8.1 | 0.00 | May 5, 2017 | Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static authentication token if the user is already logged in. | |
| CVE-2016-1148 | Hig | 0.53 | 8.1 | 0.00 | Apr 21, 2017 | Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. | |
| CVE-2017-2784 | Hig | 0.53 | 8.1 | 0.03 | Apr 20, 2017 | An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack pointer leading to a potential remote code execution. In order to exploit this vulnerability, an attacker can act as either a client or a server on a network to deliver malicious x509 certificates to vulnerable applications. | |
| CVE-2017-7322 | Hig | 0.53 | 8.1 | 0.01 | Mar 30, 2017 | The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate. | |
| CVE-2015-8960 | Hig | 0.53 | 8.1 | 0.00 | Sep 21, 2016 | The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue. | |
| CVE-2024-22030 | Hig | 0.52 | 8.0 | 0.00 | Oct 16, 2024 | A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit this vulnerability. The targeted domain is the one used as the Rancher URL. | |
| CVE-2024-4762 | Hig | 0.51 | 7.8 | 0.00 | Dec 16, 2024 | An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges. | |
| CVE-2026-44700 | Hig | 0.50 | — | 0.00 | May 14, 2026 | Elixir WebRTC is an Elixir implementation of the W3C WebRTC API. Prior to 0.15.1 and 0.16.1, missing DTLS peer certificate fingerprint validation in the DTLS client (active) role removes one side of WebRTC's mutual authentication. The bug is not independently exploitable for media interception in standard deployments, but enables a full man-in-the-middle attack when chained with insecure signalling or a peer with similar validation gaps. This vulnerability is fixed in 0.15.1 and 0.16.1. | |
| CVE-2025-66001 | Hig | 0.50 | 8.8 | 0.00 | Jan 8, 2026 | NeuVector supports login authentication through OpenID Connect. However, the TLS verification (which verifies the remote server's authenticity and integrity) for OpenID Connect is not enforced by default. As a result this may expose the system to man-in-the-middle (MITM) attacks. | |
| CVE-2025-9785 | Hig | 0.50 | — | 0.00 | Sep 3, 2025 | PaperCut Print Deploy is an optional component that integrates with PaperCut NG/MF which simplifies printer deployment and management. When the component is deployed to an environment, the customer has an option to configure the system to use a self-signed certificate. If the customer does not fully configure the system to leverage the trust database on the clients, it opens up the communication between clients and the server to man-in-the-middle attacks. It was discovered that certain parts of the documentation related to the configuration of SSL in Print Deploy were lacking, which could potentially contribute to a misconfiguration of the Print Deploy client installation. PaperCut strongly recommends to use valid certificates to secure installations and to follow the updated documentation to ensure the correct SSL configuration. Those who use private CAs and/or self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of their operating system and to the Java key store | |
| CVE-2024-48915 | Hig | 0.50 | — | 0.00 | Oct 15, 2024 | Agent Dart is an agent library built for Internet Computer for Dart and Flutter apps. Prior to version 1.0.0-dev.29, certificate verification in `lib/agent/certificate.dart` does not occur properly. During the delegation verification in the `_checkDelegation` function, the canister_ranges aren't verified. The impact of not checking the canister_ranges is that a subnet can sign canister responses in behalf of another subnet. The certificate’s timestamp, i.e /time path, is also not verified, meaning that the certificate effectively has no expiration time. Version 1.0.0-dev.29 implements appropriate certificate verification. | |
| CVE-2017-11770 | Hig | 0.50 | 7.5 | 0.14 | Nov 15, 2017 | .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate data, aka ".NET CORE Denial Of Service Vulnerability". | |
| CVE-2014-1266 | Hig | 0.50 | 7.4 | 0.18 | Feb 22, 2014 | The SSLVerifySignedServerKeyExchange function in libsecurity_ssl/lib/sslKeyExchange.c in the Secure Transport feature in the Data Security component in Apple iOS 6.x before 6.1.6 and 7.x before 7.0.6, Apple TV 6.x before 6.0.2, and Apple OS X 10.9.x before 10.9.2 does not check the signature in a TLS Server Key Exchange message, which allows man-in-the-middle attackers to spoof SSL servers by (1) using an arbitrary private key for the signing step or (2) omitting the signing step. | |
| CVE-2026-23998 | Hig | 0.49 | 7.5 | 0.00 | May 14, 2026 | Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled Windows device and retrieve sensitive configuration data. Fleet’s Windows MDM management endpoint relies on mutual TLS (mTLS) client certificates to authenticate enrolled devices. In affected versions, requests that did not present a client certificate could be incorrectly treated as trusted. As a result, an attacker with prior knowledge of a valid enrolled device identifier could potentially impersonate that device and receive configuration payloads intended for it. These payloads may contain sensitive information such as Wi-Fi or VPN configuration data, certificates, or other secrets delivered through MDM profiles. This issue does not allow enrollment of new devices, administrative access to Fleet, or compromise of the Fleet control plane. Impact is limited to the targeted Windows device. Version 4.81.0 contains a patch. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM. | |
| CVE-2026-32281 | Hig | 0.49 | 7.5 | 0.00 | Apr 8, 2026 | Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool. | |
| CVE-2026-34580 | Hig | 0.49 | 7.5 | 0.00 | Apr 7, 2026 | Botan is a C++ cryptography library. In 3.11.0, the function Certificate_Store::certificate_known had a misleading name; it would return true if any certificate in the store had a DN (and subject key identifier, if set) matching that of the argument. It did not check that the cert it found and the cert it was passed were actually the same certificate. In 3.11.0 an extension of path validation logic was made which assumed that certificate_known only returned true if the certificates were in fact identical. The impact is that if an end entity certificate is presented, and its DN (and subject key identifier, if set) match that of any trusted root, the end entity certificate is accepted immediately as if it itself were a trusted root. , This vulnerability is fixed in 3.11.1. | |
| CVE-2026-35389 | Hig | 0.49 | 7.5 | 0.00 | Apr 6, 2026 | Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, S/MIME signature verification did not validate the certificate trust chain (checkChain: false). Any email signed with a self-signed or untrusted certificate was displayed as having a valid signature. This vulnerability is fixed in 1.4.11. |