Improper Certificate Validation

CWE-295

Overtime trend (NVD)

CVSS severity (NVD, All Time)

Per technology (GHSA, All time)

41%-Maven
26%-Nuget
10%-Pip
21%-Others

Short description

The product does not validate, or incorrectly validates, a certificate.

Extended description

When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting spoofed data that appears to originate from a trusted host.

Best practices to prevent this CWE

Phase: Architecture and Design; Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Phase: Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

Recently published CVEs

CVE-2024-28021
CVE-2024-35140
CVE-2024-29072
CVE-2024-33612
CVE-2023-35721

Recently published GHSA

GHSA-9jxc-qjr9-vjxq
GHSA-3gg8-mc87-cq3h
GHSA-h6x7-r5rg-x5fw
GHSA-vh73-q3rw-qx7w
GHSA-hwcc-4cv8-cf3h

Prioritize and Uncover Reachable Vulnerabilities in Your Application Code

Identify externally reachable data flows and vulnerabilities for effective risk mitigation

Get a Demo