1. Home
  2. Weaknesses
  3. CWE-297

CWE-297: Improper Validation of Certificate with Host Mismatch

ID CWE-297
Abstraction Variant
Structure Simple
Status Incomplete
Number of CVEs 30
Detail Dashboard Vulnerabilities Web & Social
The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

Even if a certificate is well-formed, signed, and follows the chain of trust, it may simply be a valid certificate for a different site than the site that the product is interacting with. If the certificate's host-specific data is not properly checked - such as the Common Name (CN) in the Subject or the Subject Alternative Name (SAN) extension of an X.509 certificate - it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data, impersonating a trusted host. In order to ensure data integrity, the certificate must be valid and it must pertain to the site that is being accessed.

Even if the product attempts to check the hostname, it is still possible to incorrectly check the hostname. For example, attackers could create a certificate with a name that begins with a trusted name followed by a NUL byte, which could cause some string-based comparisons to only examine the portion that contains the trusted name.

This weakness can occur even when the product uses Certificate Pinning, if the product does not verify the hostname at the time a certificate is pinned.

Modes of Introduction

Phase Note
Implementation When the product uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete.
Implementation REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific
Technology Mobile
Technology Not Technology-Specific

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-923 Improper Restriction of Communication Channel to Intended Endpoints Class Simple Incomplete
CWE-1000 Research Concepts Draft CWE-295 Improper Certificate Validation Base Simple Draft

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date