Improper Certificate Validation

The software does not validate, or incorrectly validates, a certificate.


Description

When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.

Background

A certificate is a token that associates an identity (principal) to a cryptographic key. Certificates can be used to check if a public key belongs to the assumed owner.

Demonstrations

The following examples help to illustrate the nature of this weakness and describe methods or techniques which can be used to mitigate the risk.

Note that the examples here are by no means exhaustive and any given weakness may have many subtle varieties, each of which may require different detection methods or runtime controls.

Example One

This code checks the certificate of a connected peer.

if ((cert = SSL_get_peer_certificate(ssl)) && host)
  foo=SSL_get_verify_result(ssl);

if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo))


  // certificate looks good, host can be trusted

In this case, because the certificate is self-signed, there was no external authority that could prove the identity of the host. The program could be communicating with a different system that is spoofing the host, e.g. by poisoning the DNS cache or using a MITM attack to modify the traffic from server to client.

Example Two

The following OpenSSL code obtains a certificate and verifies it.

cert = SSL_get_peer_certificate(ssl);
if (cert && (SSL_get_verify_result(ssl)==X509_V_OK)) {


  // do secret things


}

Even though the "verify" step returns X509_V_OK, this step does not include checking the Common Name against the name of the host. That is, there is no guarantee that the certificate is for the desired host. The SSL connection could have been established with a malicious host that provided a valid certificate.

Example Three

The following OpenSSL code ensures that there is a certificate and allows the use of expired certificates.

if (cert = SSL_get_peer(certificate(ssl)) {

  foo=SSL_get_verify_result(ssl);
  if ((X509_V_OK==foo) || (X509_V_ERR_CERT_HAS_EXPIRED==foo))


    //do stuff

If the call to SSL_get_verify_result() returns X509_V_ERR_CERT_HAS_EXPIRED, this means that the certificate has expired. As time goes on, there is an increasing chance for attackers to compromise the certificate.

Example Four

The following OpenSSL code ensures that there is a certificate before continuing execution.

if (cert = SSL_get_peer_certificate(ssl)) {


  // got a certificate, do secret things

Because this code does not use SSL_get_verify_results() to check the certificate, it could accept certificates that have been revoked (X509_V_ERR_CERT_REVOKED). The software could be communicating with a malicious host.

Example Five

The following OpenSSL code ensures that the host has a certificate.

if (cert = SSL_get_peer_certificate(ssl)) {


  // got certificate, host can be trusted

  //foo=SSL_get_verify_result(ssl);

  //if (X509_V_OK==foo) ...


}

Note that the code does not call SSL_get_verify_result(ssl), which effectively disables the validation step that checks the certificate.

See Also

Authentication Errors

Weaknesses in this category are related to authentication components of a system. Frequently these deal with the ability to verify that an entity is indeed who it clai...

OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure

Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2017.

Identify Actors

Weaknesses in this category are related to the design and architecture of a system's identification management components. Frequently these deal with verifying that ex...

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors

CWE entries in this view are listed in the 2019 CWE Top 25 Most Dangerous Software Errors.

Weaknesses without Software Fault Patterns

CWE identifiers in this view are weaknesses that do not have associated Software Fault Patterns (SFPs), as covered by the CWE-888 view. As such, they represent gaps in...


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.