CWE-295— Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.— MITRE CWE catalog
1,227 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-295page 9 of 25
- CVE-2020-35662HIGHCVSS 7.4EG 7.42021-02-27
In SaltStack Salt before 3002.5, when authenticating to services using certain modules, the SSL certificate is not always validated.
- CVE-2020-35733HIGHCVSS 7.5EG 7.52021-01-15
An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority.
- CVE-2020-36127MEDIUMCVSS 6.5EG 6.52021-05-07
Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by an information disclosure vulnerability. Through the PUK signature functionality, an administrator will not have access to the current p12 certificate and password. Whe…
- CVE-2020-36425MEDIUMCVSS 5.3EG 5.32021-07-19
An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
- CVE-2020-36477MEDIUMCVSS 5.9EG 5.92021-08-23
An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAl…
- CVE-2020-36478HIGHCVSS 7.5EG 7.52021-08-23
An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if th…
- CVE-2020-36658HIGHCVSS 8.1EG 8.12023-01-27
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for exam…
- CVE-2020-36659HIGHCVSS 8.1EG 8.12023-01-27
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, …
- CVE-2020-3940MEDIUMCVSS 5.9EG 5.92020-01-17
VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability.
- CVE-2020-3994HIGHCVSS 7.4EG 7.42020-10-20
VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation. A malicious actor with networ…
- CVE-2020-4320MEDIUMCVSS 6.5EG 6.52020-06-16
IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.
- CVE-2020-4340MEDIUMCVSS 4.3EG 4.32020-09-23
IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180.
- CVE-2020-4496MEDIUMCVSS 5.9EG 5.92021-12-13
The IBM Spectrum Protect Plus 10.1.0.0 through 10.1.8.x server connection to an IBM Spectrum Protect Plus workload agent is subject to a man-in-the-middle attack due to improper certificate validation. IBM X-Force ID: 182046.
- CVE-2020-4791MEDIUMCVSS 5.3EG 5.32021-02-09
IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to obtain sensitive information using main in the middle attacks due to improper certificate validation. IBM X-Force ID: 189379.
- CVE-2020-5367HIGHCVSS 7.4EG 8.12020-06-23
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC Unisphere for PowerMax Virtual Appliance versions prior to 9.1.0.17, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthentic…
- CVE-2020-5520HIGHCVSS 7.4EG 7.42020-01-27
The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-2020-5521HIGHCVSS 7.4EG 7.42020-01-27
The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-2020-5522HIGHCVSS 7.4EG 7.42020-01-27
The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-2020-5523HIGHCVSS 7.4EG 7.42020-01-28
Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle atta…
- CVE-2020-5526MEDIUMCVSS 5.9EG 5.92020-01-31
The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2.0.8 does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-2020-5684MEDIUMCVSS 4.8EG 4.82020-12-24
iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express does not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication …
- CVE-2020-5812MEDIUMCVSS 5.9EG 5.92021-02-06
Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
- CVE-2020-5864HIGHCVSS 7.4EG 7.42020-04-23
In versions of NGINX Controller prior to 3.2.0, communication between NGINX Controller and NGINX Plus instances skip TLS verification by default.
- CVE-2020-5909MEDIUMCVSS 5.4EG 5.42020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
- CVE-2020-5913HIGHCVSS 7.4EG 7.42020-08-26
In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.2, the BIG-IP Client or Server SSL profile ignores revoked certificates, even when a valid CRL is present. This impacts SSL/TLS connections a…
- CVE-2020-6175MEDIUMCVSS 5.9EG 5.92020-03-16
Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missing SSL Certificate Validation.
- CVE-2020-6529MEDIUMCVSS 4.3EG 4.32020-07-22
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page.
- CVE-2020-6781MEDIUMCVSS 6.8EG 6.82020-09-16
Improper certificate validation for certain connections in the Bosch Smart Home System App for iOS prior to version 9.17.1 potentially allows to intercept video contents by performing a man-in-the-middle attack.
- CVE-2020-7041MEDIUMCVSS 5.3EG 5.32020-02-27
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because an X509_check_host negative error code is interpreted as a successful return value.
- CVE-2020-7042MEDIUMCVSS 5.3EG 5.32020-02-27
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never …
- CVE-2020-7043CRITICALCVSS 9.1EG 9.12020-02-27
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\x00evil.exam…
- CVE-2020-7904HIGHCVSS 7.4EG 7.42020-01-30
In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS.
- CVE-2020-7919HIGHCVSS 7.5EG 7.52020-03-16
Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate.
- CVE-2020-7922MEDIUMCVSS 6.4EG 6.52020-04-09
X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do no…
- CVE-2020-7924MEDIUMCVSS 4.2EG 4.22021-04-12
Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate validation. This may result in accepting invalid certificates.This issue a…
- CVE-2020-7942MEDIUMCVSS 6.5EG 6.52020-02-19
Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls ba…
- CVE-2020-7956CRITICALCVSS 9.8EG 9.82020-01-31
HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with TLS certificates used for mTLS RPC, and were susceptible to privilege escalation. Fixed in 0.10.3.
- CVE-2020-8156HIGHCVSS 7.0EG 7.02020-05-12
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.
- CVE-2020-8172HIGHCVSS 7.4EG 7.42020-06-08
TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 14.4.0.
- CVE-2020-8241HIGHCVSS 7.5EG 7.52020-10-28
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server.
- CVE-2020-8279HIGHCVSS 7.4EG 7.42020-11-19
Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack.
- CVE-2020-8286HIGHCVSS 7.5EG 7.52020-12-14
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
- CVE-2020-8289HIGHCVSS 7.8EG 7.82020-12-27
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possib…
- CVE-2020-8987HIGHCVSS 7.4EG 7.42020-03-09
Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special ac…
- CVE-2020-9040HIGHCVSS 7.5EG 7.52020-06-08
Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by J…
- CVE-2020-9321HIGHCVSS 7.5EG 7.52020-03-16
configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging.
- CVE-2020-9432CRITICALCVSS 9.1EG 9.12020-02-27
openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
- CVE-2020-9433CRITICALCVSS 9.1EG 9.12020-02-27
openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
- CVE-2020-9434CRITICALCVSS 9.1EG 9.12020-02-27
openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.
- CVE-2020-9488LOWCVSS 3.7EG 3.72020-04-27
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed i…
Map vulnerabilities like CWE-295 to your infrastructure
EchelonGraph correlates every CVE — across CWE-295 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →