
CWE-295 Improper Certificate Validation: vulnerability list (502)

Summary of the 502 CVE entries in the CWE-295 (Improper Certificate Validation) weakness class, with AI-generated Chinese analysis.

CWE-295 covers improper certificate validation: software that does not correctly verify the validity or integrity of a digital certificate. Attackers commonly exploit this flaw to mount man-in-the-middle attacks, using a forged certificate to intercept and tamper with the communication, steal sensitive data, or inject malicious code. Developers should strictly validate the certificate chain, the hostname match, and the validity period, disable weak algorithms, and enable certificate pinning where appropriate, so that transport-layer security holds and identity spoofing and data leakage are prevented.

MITRE CWE official description
CWE-295 Improper Certificate Validation: the product does not validate, or incorrectly validates, a certificate.
Common consequences (1)
Scope: Integrity, Authentication. Impact: Bypass Protection Mechanism, Gain Privileges or Assume Identity.
When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting s…
Mitigations (2)
Phase: Architecture and Design, Implementation. Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.
Phase: Implementation. If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Code examples (2)
This code checks the certificate of a connected peer.

    if ((cert = SSL_get_peer_certificate(ssl)) && host)
        foo = SSL_get_verify_result(ssl);
    /* Defect: a self-signed certificate anywhere in the chain is treated as if
       it had verified, and the host name is never compared with the certificate,
       so no external authority has vouched for the peer's identity. */
    if ((X509_V_OK == foo) || (X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN == foo))
        // certificate looks good, host can be trusted

Bad · C
The following OpenSSL code obtains a certificate and verifies it.

    cert = SSL_get_peer_certificate(ssl);
    /* Defect: the chain verifies, but the certificate is never checked against
       the expected host name, so a valid certificate issued for any other name
       is accepted. */
    if (cert && (SSL_get_verify_result(ssl) == X509_V_OK)) {
        // do secret things
    }

Bad · C
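A hardened counterpart to the two fragments above, added here as an example; it is not code from MITRE or from this site. It uses Python's OpenSSL-backed ssl module, whose verify_mode and check_hostname settings correspond to the chain verification and host-name check that the two C fragments get wrong, and it includes a small review-time audit that reports exactly those two weaknesses. The cafile parameter and the connect_verified helper are assumptions made for illustration.

```python
import socket
import ssl


# Hardened client context: chain validation is mandatory (a self-signed or
# otherwise failing chain is rejected) and the host name must match the
# certificate before any application data is exchanged.
def make_hardened_client_context(cafile=None):
    # create_default_context() already sets verify_mode=CERT_REQUIRED and
    # check_hostname=True. cafile is an assumption: pass a private CA bundle
    # only when the system trust store is not the right anchor.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse legacy protocol versions
    return ctx


# Constructed "before" context that reproduces the weakness of the C snippets:
# a chain error or a name mismatch is silently accepted.
def make_weak_client_context():
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False   # must be cleared before verify_mode may be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


# Review-time check: list the CWE-295 findings for a context (empty if none).
def audit_context(ctx):
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: chain errors are ignored")
    if not ctx.check_hostname:
        findings.append("check_hostname is False: a certificate for any name is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version allows TLS 1.1 or older")
    return findings


# The safe equivalent of the "do secret things" branch: wrap_socket() with
# server_hostname performs chain validation and host-name matching during the
# handshake and raises ssl.SSLCertVerificationError instead of continuing.
def connect_verified(host, port=443, ctx=None):
    ctx = ctx or make_hardened_client_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    for name, ctx in (("weak", make_weak_client_context()),
                      ("hardened", make_hardened_client_context())):
        print(name, audit_context(ctx) or "no findings")
```

The audit runs offline and is the check a reviewer can apply to any SSLContext found in a code base; connect_verified is the only function that opens a network connection, and it never reaches the peer-certificate handling code unless both checks passed in the handshake.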
CVE ID | Title (affected component) | CVSS | Severity | Published
CVE-2023-47742 | IBM QRadar Suite security vulnerability (QRadar Suite Products) | 5.9 | Medium | 2024-03-03
CVE-2024-25141 | Apache Airflow trust management issue vulnerability (Apache Airflow Mongo Provider) | 7.5 (AI) | High (AI) | 2024-02-20
CVE-2023-49250 | Apache DolphinScheduler trust management issue vulnerability (Apache DolphinScheduler) | 7.4 (AI) | High (AI) | 2024-02-20
CVE-2023-47537 | Fortinet FortiOS trust management issue vulnerability (FortiOS) | 4.4 | Medium | 2024-02-15
CVE-2024-25642 | SAP Cloud Connector trust management issue vulnerability (SAP Cloud Connector) | 7.4 | High | 2024-02-13
CVE-2023-47700 | IBM SAN Volume Controller trust management issue vulnerability (Storage Virtualize) | 5.9 | Medium | 2024-02-07
CVE-2023-43017 | IBM Security Verify Access trust management issue vulnerability (Security Verify Access Appliance) | 8.2 | High | 2024-02-07
CVE-2023-32330 | IBM Security Verify Access trust management issue vulnerability (Security Verify Access Appliance) | 7.5 | High | 2024-02-07
CVE-2024-1052 | HashiCorp Boundary security vulnerability (Boundary) | 8.0 | High | 2024-02-05
CVE-2020-29504 | Dell BSAFE Micro Edition Suite security vulnerability (BSAFE Crypto-C Micro Edition) | 7.4 | High | 2024-02-02
CVE-2023-28807 | Zscaler Internet Access security vulnerability (ZIA) | 5.1 | Medium | 2024-01-31
CVE-2023-50356 | AREAL Topkapi trust management issue vulnerability (Topkapi Vision (Server)) | 6.5 | Medium | 2024-01-31
CVE-2023-6043 | Lenovo Vantage trust management issue vulnerability (Vantage) | 7.8 | High | 2024-01-19
CVE-2023-51662 | snowflake-connector-net trust management issue vulnerability (snowflake-connector-net) | 6.0 | Medium | 2023-12-22
CVE-2023-5594 | Multiple ESET products security vulnerability (ESET NOD32 Antivirus) | 7.5 | High | 2023-12-21
CVE-2023-1514 | Hitachi Energy RTU500 trust management issue vulnerability (RTU500 Scripting Interface) | 7.4 | High | 2023-12-19
CVE-2023-6680 | GitLab trust management issue vulnerability (GitLab) | 7.4 | High | 2023-12-15
CVE-2023-48427 | Siemens SINEC INS trust management issue vulnerability (SINEC INS) | 8.1 | High | 2023-12-12
CVE-2023-49247 | Huawei HarmonyOS security vulnerability (HarmonyOS) | 7.5 (AI) | High (AI) | 2023-12-06
CVE-2023-43082 | Dell Unity security vulnerability (Unity) | 8.6 | High | 2023-11-22
CVE-2023-31421 | Elasticsearch security vulnerability (Beats) | 5.9 | Medium | 2023-10-26
CVE-2022-3761 | OpenVPN Connect trust management issue vulnerability (OpenVPN Connect) | 7.4 | - | 2023-10-17
CVE-2022-43892 | IBM Security Verify Privilege Manager trust management issue vulnerability (Security Verify Privilege) | 3.7 | Low | 2023-10-17
CVE-2022-22380 | IBM Security Verify Privilege Manager trust management issue vulnerability (Security Verify Privilege) | 5.0 | Medium | 2023-10-17
CVE-2023-5422 | OTRS trust management issue vulnerability (OTRS) | 8.7 | High | 2023-10-16
CVE-2023-45613 | JetBrains Ktor trust management issue vulnerability (Ktor) | 6.8 | Medium | 2023-10-09
CVE-2023-2422 | Red Hat Keycloak trust management issue vulnerability (Red Hat Single Sign-On 7) | 5.5 | Medium | 2023-10-04
CVE-2023-4801 | Proofpoint Insider Threat Management trust management issue vulnerability (Insider Threat Management) | 7.5 | High | 2023-09-13
CVE-2023-41180 | Apache NiFi trust management issue vulnerability (Apache NiFi MiNiFi C++) | 5.9 | - | 2023-09-03
CVE-2023-39441 | Apache Airflow trust management issue vulnerability (Apache Airflow SMTP Provider) | 6.8 | - | 2023-08-23
"(AI)" marks a score or severity taken from the site's AI analysis; "-" means no severity was recorded.

CWE-295 (Improper Certificate Validation) is a common weakness class; this platform lists 502 CVE entries associated with it.