CWE - CWE-296: Improper Following of Chain of Trust for Certificate Validation (1.6)

Home > CWE List > CWE- Individual Dictionary Definition (1.6)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-296: Improper Following of Chain of Trust for Certificate Validation

Improper Following of Chain of Trust for Certificate Validation

Weakness ID: 296 (Weakness Base)

Status: Draft

Description

Description Summary

The chain of trust is not followed or is incorrectly followed when validating a certificate, resulting in incorrect trust of any resource that is associated with that certificate.

Time of Introduction

Architecture and Design

Applicable Platforms

Languages

All

Common Consequences

Scope	Effect
Authentication	Exploitation of this flaw can lead to the trust of data that may have originated with a spoofed source.
Accountability	Data, requests, or actions taken by the attacking entity can be carried out as a spoofed benign entity.

Likelihood of Exploit

Low

Demonstrative Examples

Example 1

(Bad Code)

C and C++

if (!(cert = SSL_get_peer(certificate(ssl)) || !host)foo=SSL_get_verify_result(ssl);

if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo)) //do stuff

Potential Mitigations

Phase	Description
Architecture and Design	Ensure that proper certificate checking is included in the system design.
Implementation	Understand, and properly implement all checks necessary to ensure the integrity of certificate trust integrity.

Other Notes

If a system fails to follow the chain of trust of a certificate to a root server, the certificate loses all usefulness as a metric of trust. Essentially, the trust gained from a certificate is derived from a chain of trust -- with a reputable trusted entity at the end of that list. The end user must trust that reputable source, and this reputable source must vouch for the resource in question through the medium of the certificate. In some cases, this trust traverses several entities who vouch for one another. The entity trusted by the end user is at one end of this trust chain, while the certificate wielding resource is at the other end of the chain. If the user receives a certificate at the end of one of these trust chains and then proceeds to check only that the first link in the chain, no real trust has been derived, since you must traverse the chain to a trusted source to verify the certificate.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Category	295	Certificate Issues	Development Concepts (primary)699
PeerOf	Weakness Base	297	Improper Validation of Host-specific Certificate Data	Research Concepts1000
PeerOf	Weakness Base	298	Improper Validation of Certificate Expiration	Research Concepts1000
PeerOf	Weakness Base	299	Improper Check for Certificate Revocation	Research Concepts1000
PeerOf	Weakness Base	322	Key Exchange without Entity Authentication	Research Concepts1000
ChildOf	Weakness Class	573	Failure to Follow Specification	Research Concepts (primary)1000
ChildOf	Category	724	OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management	Weaknesses in OWASP Top Ten (2004) (primary)711
ChildOf	Weakness Class	754	Improper Check for Exceptional Conditions	Research Concepts1000
PeerOf	Weakness Base	370	Missing Check for Certificate Revocation after Initial Check	Research Concepts1000

Taxonomy Mappings

Mapped Taxonomy Name	Node ID	Fit	Mapped Node Name
CLASP			Failure to follow chain of trust in certificate validation

Content History

Submissions
Submission Date	Submitter	Organization	Source
	CLASP		Externally Mined

Modifications
Modification Date	Modifier	Organization	Source
2008-07-01	Eric Dalci	Cigital	External
2008-07-01	updated Time of Introduction
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Common Consequences, Relationships, Other Notes, Taxonomy Mappings
2009-03-10	CWE Content Team	MITRE	Internal
2009-03-10	updated Description, Name, Relationships
2009-05-27	CWE Content Team	MITRE	Internal
2009-05-27	updated Demonstrative Examples
2009-07-27	CWE Content Team	MITRE	Internal
2009-07-27	updated Demonstrative Examples

Page Last Updated: October 29, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us