Identify Actors
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the design and architecture of a system's identification management components. Frequently these deal with verifying the identity of the external agents that provide inputs to the system. If they are not addressed when designing or implementing a secure architecture, the weaknesses in this category can degrade the quality of identification management.
Weaknesses
- The product does not validate, or incorrectly validates, a certificate.
- The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised.
- The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resou...
- A certificate expiration is not validated or is incorrectly validated, so trust may be assigned to certificates that have been abandoned due to age.
- The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.
- The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is ...
- The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.
- The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
- The product does not check the revocation status of a certificate after its initial revocation check, which can cause the product to perform privileged actions even af...
- The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary sec...
- The product does not properly verify that the source of data or communication is valid.
- The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request bef...
Concepts
This view organizes weaknesses according to common architectural security tactics. It is intended to assist architects in identifying potential mistakes that can be ma...
See Also
- A Catalog of Security Architecture Weaknesses. 2017 IEEE International Conference on Software Architecture (ICSA).
- Understanding Software Vulnerabilities Related to Architectural Security Tactics: An Empirical Investigation of Chromium, PHP and Thunderbird. 2017 IEEE International Conference on Software Architecture (ICSA).
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.