CWE-295—Improper Certificate Validation
PUBLISHEDweakness record
released 2006-07-19 · last modified 2026-04-30
Metadata
- CWE ID:
- CWE-295
- 摘要:
- Base
- 结构:
- Simple
- 状态:
- Draft
- 发布日期:
- 2006-07-19
- 更新日期:
- 2026-04-30
名称
Improper Certificate Validation
描述
The product does not validate, or incorrectly validates, a certificate.
常见后果
- 范围:
- Integrity, Authentication
- 影响:
- Bypass Protection Mechanism, Gain Privileges or Assume Identity
- 注释:
- When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting spoofed data that appears to originate from a trusted host.