Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CWE-295 (证书验证不恰当) — Vulnerability Class 512

512 vulnerabilities classified as CWE-295 (证书验证不恰当). AI Chinese analysis included.

CWE-295 represents a critical cryptographic weakness where software fails to properly validate digital certificates, undermining the integrity of secure communications. Attackers typically exploit this flaw by performing man-in-the-middle attacks, intercepting traffic between a client and server. By presenting a forged or invalid certificate, adversaries can decrypt sensitive data, inject malicious content, or impersonate legitimate services without detection. This vulnerability is particularly dangerous in applications relying on Transport Layer Security for confidentiality. To prevent such breaches, developers must implement rigorous certificate validation mechanisms, ensuring that the presented certificate is signed by a trusted Certificate Authority and matches the expected hostname. Additionally, enabling Certificate Pinning and strictly rejecting expired or revoked certificates further hardens the application against interception attempts, thereby preserving the authenticity and security of the data exchange.

MITRE CWE Description
The product does not validate, or incorrectly validates, a certificate.
Common Consequences (1)
Integrity, AuthenticationBypass Protection Mechanism, Gain Privileges or Assume Identity
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting s…
Mitigations (2)
Architecture and Design, ImplementationCertificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
ImplementationIf certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Examples (2)
This code checks the certificate of a connected peer.
if ((cert = SSL_get_peer_certificate(ssl)) && host) foo=SSL_get_verify_result(ssl); if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo)) // certificate looks good, host can be trusted
Bad · C
The following OpenSSL code obtains a certificate and verifies it.
cert = SSL_get_peer_certificate(ssl); if (cert && (SSL_get_verify_result(ssl)==X509_V_OK)) { // do secret things }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2026-45170 Idira Privilege Cloud Connector: Potential Security Bypass due to Incomplete TLS Certificate Validation — PAM SH Connector--2026-06-12
CVE-2026-45175 Idira Endpoint Privilege Manager Agent: Security Control and Cryptographic Validation Bypass in Internal Agent Validation Processes — Idira Endpoint Privilege Manager--2026-06-11
CVE-2026-40992 Mail Auto-Configuration Does Not Enable SSL Hostname Verification — Spring Boot 5.0 Medium2026-06-11
CVE-2026-53475 Assisted-migration-agent: tls verification disabled on all vcenter connections 9.3 Critical2026-06-10
CVE-2026-9758 Improper Certificate Validation in S2OPC — S2OPC 7.3 High2026-06-10
CVE-2026-41714 In Spring AMQP the RabbitConnectionFactoryBean.setUri("amqps://...") bypasses secure SSL setup, uses TrustEverythingTrustManager — Spring AMQP 4.0 Medium2026-06-09
CVE-2026-42769 Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate — OpenSSL--2026-06-09
CVE-2026-50752 Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1 — Quantum Security Gateway 7.4 High2026-06-08
CVE-2026-45745 Termix has improper certificate validation in Electron desktop client that enables MITM credential/token theft — Termix 8.0 High2026-06-05
CVE-2026-41859 BOSH <v282.1.9 HTTP客户端证书验证绕过致凭据泄露 — BOSH 7.8 High2026-06-04
CVE-2026-49267 Apache Airflow: No certificate validation on SMTP STARTTLS connections — Apache Airflow--2026-06-01
CVE-2026-47074 ex_aws_sns SigningCertURL not validated in verify_message/1 — ex_aws_sns--2026-05-28
CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification — OTP--2026-05-27
CVE-2026-42791 OCSP responder certificate validity period not checked in public_key — OTP--2026-05-27
CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation — OTP--2026-05-27
CVE-2026-44213 OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured — opentelemetry-dotnet-contrib 6.5 Medium2026-05-26
CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans — Red Hat Enterprise Linux 10 7.1 High2026-05-26
CVE-2026-44900 epa4all-client: VAU Signature bypass — epa4all-client 8.1 High2026-05-26
CVE-2026-45574 epa4all-client: TLS Certificate Validation Disabled in Production — epa4all-client 8.1 High2026-05-26
CVE-2026-8992 Ivanti Secure Access Client 信任管理问题漏洞 — Secure Access Client 8.8 High2026-05-22
CVE-2025-32745 Dell PowerFlex Manager 信任管理问题漏洞 — PowerFlex Manager (Appliance) 4.2 Medium2026-05-22
CVE-2026-48249 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in rm/incs/mobile_login.inc.php — Tickets 5.9 Medium2026-05-21
CVE-2026-48248 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/login.inc.php — Tickets 5.9 Medium2026-05-21
CVE-2026-48247 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in incs/functions.inc.php — Tickets 5.9 Medium2026-05-21
CVE-2026-48246 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in ajax/reports.php — Tickets 5.9 Medium2026-05-21
CVE-2026-41119 Dell Live Optics 信任管理问题漏洞 — Live Optics 6.8 Medium2026-05-18
CVE-2026-44700 Elixir WebRTC: Missing DTLS peer fingerprint validation in ex_webrtc client-role handshake — ex_webrtc--2026-05-14
CVE-2026-23998 Fleet has a Windows MDM management endpoint authentication bypass — fleet--2026-05-14
CVE-2026-32992 cPanel 信任管理问题漏洞 — cPanel 8.2 High2026-05-13
CVE-2026-44363 Unsafe remote resource fetching in expansion misp-modules — misp-modules--2026-05-13

Vulnerabilities classified as CWE-295 (证书验证不恰当) represent 512 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.