VYPR

CWE-295

Improper Certificate Validation

BaseDraft

Description

The product does not validate, or incorrectly validates, a certificate.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-459 · CAPEC-475

CVEs mapped to this weakness (720)

page 4 of 36
  • CVE-2017-2667HigMar 12, 2018
    risk 0.53cvss 8.1epss 0.01

    Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not explicitly set the verify_ssl flag for apipie-bindings that disable it by default. As a result the server certificates are not checked and connections are prone to man-in-the-middle attacks.

  • CVE-2018-6827HigFeb 9, 2018
    risk 0.53cvss 8.1epss 0.01

    VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information, and consequently execute arbitrary code, via a crafted certificate, as demonstrated by leveraging a…

  • CVE-2018-5761HigJan 22, 2018
    risk 0.53cvss 8.1epss 0.01

    A man-in-the-middle vulnerability related to vCenter access was found in Rubrik CDM 3.x and 4.x before 4.0.4-p2. This vulnerability might expose Rubrik user credentials configured to access vCenter as Rubrik clusters did not verify TLS certificates presented by vCenter.

  • CVE-2017-3194HigDec 16, 2017
    risk 0.53cvss 8.1epss 0.01

    Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.

  • CVE-2017-15114HigNov 27, 2017
    risk 0.53cvss 8.1epss 0.02

    When libvirtd is configured by OSP director (tripleo-heat-templates) to use the TLS transport it defaults to the same certificate authority as all non-libvirtd services. As no additional authentication is configured this allows these services to connect to libvirtd (which is…

  • CVE-2017-1000256HigOct 31, 2017
    risk 0.53cvss 8.1epss 0.02

    libvirt version 2.3.0 and later is vulnerable to a bad default configuration of "verify-peer=no" passed to QEMU by libvirt resulting in a failure to validate SSL/TLS certificates by default.

  • CVE-2017-8059HigMay 5, 2017
    risk 0.53cvss 8.1epss 0.01

    Acceptance of invalid/self-signed TLS certificates in "Foxit PDF - PDF reader, editor, form, signature" before 5.4 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept login information (username/password), in addition to the static…

  • CVE-2016-1148HigApr 21, 2017
    risk 0.53cvss 8.1epss 0.01

    Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.

  • CVE-2017-2784HigApr 20, 2017
    risk 0.53cvss 8.1epss 0.03

    An exploitable free of a stack pointer vulnerability exists in the x509 certificate parsing code of ARM mbed TLS before 1.3.19, 2.x before 2.1.7, and 2.4.x before 2.4.2. A specially crafted x509 certificate, when parsed by mbed TLS library, can cause an invalid free of a stack…

  • CVE-2017-7322HigMar 30, 2017
    risk 0.53cvss 8.1epss 0.01

    The (1) update and (2) package-installation features in MODX Revolution 2.5.4-pl and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and trigger the execution of arbitrary code via a crafted certificate.

  • CVE-2015-8960HigSep 21, 2016
    risk 0.53cvss 8.1epss 0.02

    The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server…

  • CVE-2026-45745HigJun 5, 2026
    risk 0.52cvss 8.0epss 0.00

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop (Electron) disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic…

  • CVE-2026-42508CriMay 22, 2026
    risk 0.52cvss 9.1epss 0.00

    Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.

  • CVE-2026-5194CriApr 9, 2026
    risk 0.52cvss 9.1epss 0.00

    Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature verification functions. This could lead to reduced security of ECDSA…

  • CVE-2024-22030HigOct 16, 2024
    risk 0.52cvss 8.0epss 0.00

    A vulnerability has been identified within Rancher that can be exploited in narrow circumstances through a man-in-the-middle (MITM) attack. An attacker would need to have control of an expired domain or execute a DNS spoofing/hijacking attack against the domain to exploit…

  • CVE-2026-41859HigJun 4, 2026
    risk 0.51cvss 7.8epss 0.00

    A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials (Basic auth header or UAA client secret) and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director…

  • CVE-2024-4762HigDec 16, 2024
    risk 0.51cvss 7.8epss 0.00

    An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges.

  • CVE-2018-10408HigJun 13, 2018
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in VirusTotal. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the…

  • CVE-2018-10405HigJun 13, 2018
    risk 0.51cvss 7.8epss 0.00

    An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is…

  • CVE-2018-10404HigJun 13, 2018
    risk 0.51cvss 7.8epss 0.01

    An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party…