CWE-295β€”Improper Certificate Validation

PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2026-04-30
CWE-295 - Improper Certificate Validation - Diagram

Metadata

CWE ID:
CWE-295
Abstraction:
Base
Structure:
Simple
Status:
Draft
Release Date:
2006-07-19
Latest Modification Date:
2026-04-30

Weakness Name

Improper Certificate Validation

Description

The product does not validate, or incorrectly validates, a certificate.

Common Consequences

Scope:
Integrity, Authentication
Impact:
Bypass Protection Mechanism, Gain Privileges or Assume Identity
Notes:
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting spoofed data that appears to originate from a trusted host.

Related Weaknesses