CWE-295 (Improper Certificate Validation) is a common software weakness type identified by the CWE (Common Weakness Enumeration) dictionary. It helps developers understand security flaws and how to mitigate them.

What is the difference between CVE and CWE?

CWE refers to the type of software weakness (the root cause), while CVE refers to a specific instance of a vulnerability in a particular product or system.

CWE-295

Improper Certificate Validation

Weakness Description

The product does not validate, or incorrectly validates, a certificate.

Potential Mitigations

Architecture and DesignImplementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

Common Consequences

IntegrityAuthentication

Bypass Protection MechanismGain Privileges or Assume Identity

When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting spoofed data that appears to originate from a trusted host.

Detection Methods

Automated Static Analysis - Binary or Bytecode

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Bytecode Weakness Analysis - including disassembler + source code weakness analysis Binary Weakness Analysis - including disassembler + source code weakness analysis

Effectiveness: SOAR Partial

Manual Static Analysis - Binary or Bytecode

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies

Effectiveness: SOAR Partial

Dynamic Analysis with Automated Results Interpretation

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Web Application Scanner

Effectiveness: SOAR Partial

Dynamic Analysis with Manual Results Interpretation

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Man-in-the-middle attack tool

Effectiveness: High

Manual Static Analysis - Source Code

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Focused Manual Spotcheck - Focused manual analysis of source Manual Source Code Review (not inspections)

Effectiveness: High

Automated Static Analysis - Source Code

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Cost effective for partial coverage: ``` Source code Weakness Analyzer Context-configured Source Code Weakness Analyzer

Effectiveness: SOAR Partial

Architecture or Design Review

According to SOAR [REF-1479], the following detection techniques may be useful: ``` Highly cost effective: ``` Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)

Effectiveness: High

Related Weaknesses

CWE-287 CWE-287 CWE-322

Related Resources

Browse CWE Database

Explore 493 software weaknesses

CVE Database

Search 294,000+ vulnerabilities

Security Writeups

Learn from real-world examples

About 4nuxd

Cybersecurity research & tools

Contact Us

Get in touch for collaboration

Homepage

Explore more security resources