CWE-295Improper Certificate Validation

PUBLISHEDweakness record
released 2006-07-19 · last modified 2026-04-30
CWE-295 - Improper Certificate Validation - Diagram

Metadata

CWE ID:
CWE-295
摘要:
Base
结构:
Simple
状态:
Draft
发布日期:
2006-07-19
更新日期:
2026-04-30

名称

Improper Certificate Validation

描述

The product does not validate, or incorrectly validates, a certificate.

常见后果

范围:
Integrity, Authentication
影响:
Bypass Protection Mechanism, Gain Privileges or Assume Identity
注释:
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting spoofed data that appears to originate from a trusted host.

相关 CWE