CWE - CWE-295: Certificate Issues (1.4)

Home > CWE List > CWE- Individual Dictionary Definition (1.4)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-295: Certificate Issues

Individual Definition in a New Window

Certificate Issues

Status: Incomplete

Category ID: 295 (Category)

Description

Summary

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Applicable Platforms

Languages

All

Background Details

A certificate is a token that associates an identity (principle) to a cryptographic key. Certificates can be used to check if a public key belongs to the assumed owner.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Category	254	Security Features	Development Concepts (primary)699
ChildOf	Category	731	OWASP Top Ten 2004 Category A10 - Insecure Configuration Management	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	296	Improper Following of Chain of Trust for Certificate Validation	Development Concepts (primary)699
ParentOf	Weakness Base	297	Improper Validation of Host-specific Certificate Data	Development Concepts (primary)699
ParentOf	Weakness Base	298	Improper Validation of Certificate Expiration	Development Concepts (primary)699
ParentOf	Weakness Base	299	Improper Check for Certificate Revocation	Development Concepts (primary)699

Taxonomy Mappings

Mapped Taxonomy Name	Node ID	Fit	Mapped Node Name
OWASP Top Ten 2004	A10	CWE More Specific	Insecure Configuration Management

References

M. Bishop. "Computer Security: Art and Science". Addison-Wesley. 2003.

Content History

Modifications

Veracode. 2008-08-15. (External)

Suggested OWASP Top Ten 2004 mapping

CWE Content Team. MITRE. 2008-09-08. (Internal)

updated Relationships, Taxonomy_Mappings

CWE Content Team. MITRE. 2008-10-14. (Internal)

updated Background_Details, Description

Page Last Updated: May 26, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us