
CWE-296 - Improper Following of a Certificate's Chain of Trust

  • Abstraction: Base
  • Structure: Simple
  • Status: Draft
  • Release Date: 2006-07-19
  • Latest Modification Date: 2026-04-30

Weakness Name

Improper Following of a Certificate's Chain of Trust

Description

The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate.
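An added example, not part of the CWE entry, in Go with the standard library only: it contrasts a check that stops at the issuer the peer presented with one that follows the chain back to a locally trusted root. The helper names `issue`, `weakAccept` and `strictAccept` and the `*.example.test` names are assumptions, and every certificate is constructed at run time.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a constructed test certificate; a nil parent yields a self-signed root.
func issue(cn string, ku x509.KeyUsage, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), KeyUsage: ku,
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn}, BasicConstraintsValid: true,
		IsCA: ku&x509.KeyUsageCertSign != 0, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// weakAccept shows the CWE-296 pattern: a signature from whatever issuer the peer presented is enough.
func weakAccept(chain ...*x509.Certificate) bool {
	return chain[0].CheckSignatureFrom(chain[1]) == nil
}

// strictAccept follows the presented chain back to the locally trusted root, or rejects it.
func strictAccept(trusted *x509.Certificate, host string, chain ...*x509.Certificate) bool {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool(), DNSName: host}
	opts.Roots.AddCert(trusted)
	for _, c := range chain[1:] {
		opts.Intermediates.AddCert(c)
	}
	_, err := chain[0].Verify(opts)
	return err == nil
}

func main() {
	root, _ := issue("root-ca.example.test", x509.KeyUsageCertSign, nil, nil)
	rogue, rk := issue("rogue-ca.example.test", x509.KeyUsageCertSign, nil, nil) // not trusted locally
	fake, _ := issue("app.example.test", x509.KeyUsageDigitalSignature, rogue, rk)
	fmt.Println(weakAccept(fake, rogue), strictAccept(root, "app.example.test", fake, rogue))
}
```

Running it prints `true false`: the weak check accepts a leaf issued by a CA outside the trust store, while the strict check rejects it because no path reaches the trusted root.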

There are several ways in which the chain of trust might be broken, including but not limited to:

Common Consequences

Scope: Non-Repudiation

Impact: Hide Activities

Notes: Exploitation of this flaw can lead to the trust of data that may have originated with a spoofed source.

Scope: Integrity, Confidentiality, Availability, Access Control

Impact: Gain Privileges or Assume Identity, Execute Unauthorized Code or Commands

Notes: Data, requests, or actions taken by the attacking entity can be carried out as a spoofed benign entity.

Related Weaknesses

CWE-295 - Improper Certificate Validation

CWE-573 - Improper Following of Specification by Caller