VYPR

CWE-299

Improper Check for Certificate Revocation

Abstraction: Base · Status: Draft · Likelihood: Medium

Description

The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.

An improper check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is almost certainly malicious. The most common reason for certificate revocation is compromise of the system in question, with the result that no legitimate servers will be using a revoked certificate, unless they are sorely out of sync.

Hierarchy (View 1000)

Children

CVEs mapped to this weakness (3)

  • CVE-2025-11955 · High · Oct 27, 2025
    risk 0.53 · cvss n/a · epss 0.00

    TheGreenBow VPN versions 7.5 and 7.6 validate OCSP certificates incorrectly. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it receives no OCSP response at all, or if the signature on the OCSP response is invalid.

  • CVE-2026-6899 · Medium · Jun 9, 2026
    risk 0.36 · cvss 5.6 · epss 0.00

    The certificate revocation check in the CycloneCrypto cryptographic wrapper of the S2OPC library considers only the first matching CRL and ignores other valid CRLs from the same CA. This might allow a connection between an OPC UA client and server to be established with a revoked certificate.

  • CVE-2024-56138 · Medium · Jan 13, 2025
    risk 0.19 · cvss 4.0 · epss 0.00

    notation-go is a collection of libraries for signing and verifying OCI artifacts, based on the Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During timestamp signature generation, the revocation status of the…
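The Go program below is an added example, not code from VYPR, from CWE, or from any of the products listed above. It shows the shape of a CRL-based revocation check that avoids CWE-299 in the two ways the entries above illustrate: it fails closed when no usable CRL is available (the "no response" failure the TheGreenBow entry describes for OCSP), and it consults every CRL signed by the issuer instead of stopping at the first match (the S2OPC entry). It also rejects CRLs outside their ThisUpdate/NextUpdate window, since an old CRL that predates a revocation says nothing useful. `FirstCRLOnly` is the weak pattern, kept for contrast. The CA, the leaf certificate, the serial numbers (1001 for the leaf, 2002 for an unrelated certificate), the host name `vpn.example.test` and both CRLs are constructed in memory and are assumptions of the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var ErrRevoked = errors.New("certificate is listed as revoked")
var ErrNoValidCRL = errors.New("no fresh, issuer-signed CRL available: failing closed")

// CheckRevocation decides whether leaf (already chained to issuer) may be used, given every
// CRL the client could fetch. It fails closed and consults every usable CRL, not just the first.
func CheckRevocation(leaf, issuer *x509.Certificate, crlDERs [][]byte, now time.Time) error {
	usable := 0
	for _, der := range crlDERs {
		rl, err := x509.ParseRevocationList(der)
		if err != nil || rl.CheckSignatureFrom(issuer) != nil {
			continue // malformed or not signed by this CA: carries no trustworthy information
		}
		if now.Before(rl.ThisUpdate) || now.After(rl.NextUpdate) {
			continue // stale or not yet valid: a replayed old CRL must not count
		}
		usable++
		for _, rc := range rl.RevokedCertificates { // RevokedCertificateEntries on Go 1.21+
			if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
				return ErrRevoked
			}
		}
	}
	if usable == 0 {
		return ErrNoValidCRL
	}
	return nil
}

// FirstCRLOnly is the weak pattern for contrast: it stops at the first CA-signed CRL and fails open.
func FirstCRLOnly(leaf, issuer *x509.Certificate, crlDERs [][]byte) error {
	for _, der := range crlDERs {
		if rl, err := x509.ParseRevocationList(der); err == nil && rl.CheckSignatureFrom(issuer) == nil {
			for _, rc := range rl.RevokedCertificates {
				if rc.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
					return ErrRevoked
				}
			}
			return nil // later CRLs are never consulted
		}
	}
	return nil // no CRL at all is accepted
}

// newCert is constructed test plumbing: fresh P-256 key, certificate from tmpl signed by
// signer under parent (self-signed when signer is nil), parsed back from DER.
func newCert(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if signer == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// BuildScenario returns constructed test data: a throwaway CA, a leaf it issued (serial 1001),
// two CA-signed CRLs of which only the second revokes the leaf, and the reference time.
func BuildScenario() (*x509.Certificate, *x509.Certificate, [][]byte, time.Time) {
	now := time.Now()
	ca, caKey := newCert(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, // cRLSign is required to sign CRLs
	}, nil, nil)
	leaf, _ := newCert(&x509.Certificate{
		SerialNumber: big.NewInt(1001), Subject: pkix.Name{CommonName: "vpn.example.test"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour),
	}, ca, caKey)
	mkCRL := func(number, revokedSerial int64) []byte {
		der, err := x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
			Number: big.NewInt(number), ThisUpdate: now.Add(-time.Minute), NextUpdate: now.Add(24 * time.Hour),
			RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(revokedSerial), RevocationTime: now.Add(-time.Minute)}},
		}, ca, caKey)
		if err != nil {
			panic(err)
		}
		return der
	}
	return ca, leaf, [][]byte{mkCRL(1, 2002), mkCRL(2, 1001)}, now // CRL 1: unrelated serial; CRL 2: the leaf
}

func main() {
	issuer, leaf, crls, now := BuildScenario()
	fmt.Println("every CRL, fail closed:", CheckRevocation(leaf, issuer, crls, now))
	fmt.Println("first CRL only:        ", FirstCRLOnly(leaf, issuer, crls))
}
```

Run as-is it prints the revoked error for the correct check and `<nil>` for the weak one, because the CRL that names the leaf is the second one. The same fail-closed rule carries over to OCSP: a missing response, or a response whose signature does not verify, is an unknown status and must not be treated as "good". Code targeting Go 1.21 or later should read `RevokedCertificateEntries` instead of the deprecated `RevokedCertificates` field; the behaviour is the same.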