CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (3.1)  
ID

CWE-297: Improper Validation of Certificate with Host Mismatch

Weakness ID: 297
Abstraction: Variant
Structure: Simple
Status: Incomplete
Presentation Filter:
+ Description
The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.
+ Extended Description

Even if a certificate is well-formed, signed, and follows the chain of trust, it may simply be a valid certificate for a different site than the site that the software is interacting with. If the certificate's host-specific data is not properly checked - such as the Common Name (CN) in the Subject or the Subject Alternative Name (SAN) extension of an X.509 certificate - it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data, impersonating a trusted host. In order to ensure data integrity, the certificate must be valid and it must pertain to the site that is being accessed.

Even if the software attempts to check the hostname, it is still possible to incorrectly check the hostname. For example, attackers could create a certificate with a name that begins with a trusted name followed by a NUL byte, which could cause some string-based comparisons to only examine the portion that contains the trusted name.

This weakness can occur even when the software uses Certificate Pinning, if the software does not verify the hostname at the time a certificate is pinned.

+ Relationships

The table(s) below shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.

+ Relevant to the view "Research Concepts" (CWE-1000)
NatureTypeIDName
ChildOfBaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.295Improper Certificate Validation
ChildOfClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.923Improper Restriction of Communication Channel to Intended Endpoints
PeerOfVariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness.370Missing Check for Certificate Revocation after Initial Check
+ Relevant to the view "Weaknesses for Simplified Mapping of Published Vulnerabilities" (CWE-1003)
NatureTypeIDName
ChildOfBaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.295Improper Certificate Validation
+ Relevant to the view "Architectural Concepts" (CWE-1008)
NatureTypeIDName
MemberOfCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.1014Identify Actors
+ Relevant to the view "Development Concepts" (CWE-699)
NatureTypeIDName
ChildOfBaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.295Improper Certificate Validation
+ Modes Of Introduction

The different Modes of Introduction provide information about how and when this weakness may be introduced. The Phase identifies a point in the software life cycle at which introduction may occur, while the Note provides a typical scenario related to introduction during the given phase.

PhaseNote
Architecture and DesignREALIZATION: This weakness is caused during implementation of an architectural security tactic.
ImplementationWhen the software uses certificate pinning, the developer might not properly validate all relevant components of the certificate before pinning the certificate. This can make it difficult or expensive to test after the pinning is complete.
+ Applicable Platforms
The listings below show possible areas for which the given weakness could appear. These may be for specific named Languages, Operating Systems, Architectures, Paradigms, Technologies, or a class of such platforms. The platform is listed along with how frequently the given weakness appears for that instance.

Languages

Class: Language-Independent (Undetermined Prevalence)

Paradigms

Mobile (Undetermined Prevalence)

+ Common Consequences

The table below specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.

ScopeImpactLikelihood
Access Control

Technical Impact: Gain Privileges or Assume Identity

The data read from the system vouched for by the certificate may not be from the expected system.
Authentication
Other

Technical Impact: Other

Trust afforded to the system in question - based on the malicious certificate - may allow for spoofing or redirection attacks.
+ Likelihood Of Exploit
High
+ Demonstrative Examples

Example 1

The following OpenSSL code obtains a certificate and verifies it.

(bad code)
Example Language:
cert = SSL_get_peer_certificate(ssl);
if (cert && (SSL_get_verify_result(ssl)==X509_V_OK)) {

// do secret things
}

Even though the "verify" step returns X509_V_OK, this step does not include checking the Common Name against the name of the host. That is, there is no guarantee that the certificate is for the desired host. The SSL connection could have been established with a malicious host that provided a valid certificate.

+ Observed Examples
ReferenceDescription
Mobile banking application does not verify hostname, leading to financial loss.
Mobile application for printing documents does not verify hostname, allowing attackers to read sensitive documents.
Software for electronic checking does not verify hostname, leading to financial loss.
Cloud-support library written in Python uses incorrect regular expression when matching hostname.
Web browser does not correctly handle '\0' character (NUL) in Common Name, allowing spoofing of https sites.
Database program truncates the Common Name during hostname verification, allowing spoofing.
Incorrect handling of '\0' character (NUL) in hostname verification allows spoofing.
Mail server's incorrect handling of '\0' character (NUL) in hostname verification allows spoofing.
LDAP server's incorrect handling of '\0' character (NUL) in hostname verification allows spoofing.
Payment processing module does not verify hostname when connecting to PayPal using PHP fsockopen function.
Smartphone device does not verify hostname, allowing spoofing of mail services.
E-commerce module does not verify hostname when connecting to payment site.
Chat application does not validate hostname, leading to loss of privacy.
Application uses third-party library that does not validate hostname.
Cloud storage management application does not validate hostname.
Java library uses JSSE SSLSocket and SSLEngine classes, which do not verify the hostname.
SOAP platform does not verify the hostname.
PHP library for payments does not verify the hostname.
Merchant SDK for payments does not verify the hostname.
Web browser does not validate Common Name, allowing spoofing of https sites.
+ Potential Mitigations

Phase: Architecture and Design

Fully check the hostname of the certificate and provide the user with adequate information about the nature of the problem and how to proceed.

Phase: Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
+ Detection Methods

Dynamic Analysis with Manual Results Interpretation

Set up an untrusted endpoint (e.g. a server) with which the software will connect. Create a test certificate that uses an invalid hostname but is signed by a trusted CA and provide this certificate from the untrusted endpoint. If the software performs any operations instead of disconnecting and reporting an error, then this indicates that the hostname is not being checked and the test certificate has been accepted.

Black Box

When Certificate Pinning is being used in a mobile application, consider using a tool such as Spinner [REF-955]. This methodology might be extensible to other technologies.
+ Memberships
This MemberOf Relationships table shows additional CWE Categories and Views that reference this weakness as a member. This information is often useful in understanding where a weakness fits within the context of external information sources.
NatureTypeIDName
MemberOfCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.948SFP Secondary Cluster: Digital Certificate
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
CLASPFailure to validate host-specific certificate data
+ References
[REF-245] Martin Georgiev, Subodh Iyengar, Suman Jana, Rishita Anubhai, Dan Boneh and Vitaly Shmatikov. "The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software". 2012-10-25. <http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf>.
[REF-243] Sascha Fahl, Marian Harbach, Thomas Muders, Matthew Smith and Lars Baumgärtner, Bernd Freisleben. "Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security". 2012-10-16. <http://www2.dcsec.uni-hannover.de/files/android/p50-fahl.pdf>.
[REF-249] Kenneth Ballard. "Secure programming with the OpenSSL API, Part 2: Secure handshake". 2005-05-03. <http://www.ibm.com/developerworks/library/l-openssl2/index.html>.
[REF-250] Eric Rescorla. "An Introduction to OpenSSL Programming (Part I)". 2001-10-05. <http://www.rtfm.com/openssl-examples/part1.pdf>.
[REF-44] Michael Howard, David LeBlanc and John Viega. "24 Deadly Sins of Software Security". "Sin 23: Improper Use of PKI, Especially SSL." Page 347. McGraw-Hill. 2010.
[REF-955] Chris McMahon Stone, Tom Chothia and Flavio D. Garcia. "Spinner: Semi-Automatic Detection of Pinning without Hostname Verification". 2018-01-16. <http://www.cs.bham.ac.uk/~garciaf/publications/spinner.pdf>.
+ Content History
Submissions
Submission DateSubmitterOrganization
CLASP
Modifications
Modification DateModifierOrganization
2008-07-01Eric DalciCigital
updated Time_of_Introduction
2008-09-08CWE Content TeamMITRE
updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings
2009-03-10CWE Content TeamMITRE
updated Description, Name, Relationships
2009-05-27CWE Content TeamMITRE
updated Demonstrative_Examples
2009-07-27CWE Content TeamMITRE
updated Demonstrative_Examples, Relationships
2010-12-13CWE Content TeamMITRE
updated Description, Other_Notes
2011-06-01CWE Content TeamMITRE
updated Common_Consequences
2012-05-11CWE Content TeamMITRE
updated References, Relationships
2013-02-21CWE Content TeamMITRE
updated Applicable_Platforms, Demonstrative_Examples, Description, Name, Observed_Examples, References, Relationships, Type
2013-07-17CWE Content TeamMITRE
updated Relationships
2014-07-30CWE Content TeamMITRE
updated Relationships
2015-12-07CWE Content TeamMITRE
updated Relationships
2017-11-08CWE Content TeamMITRE
updated Demonstrative_Examples, Modes_of_Introduction, References, Relationships
2018-01-16CWE Content TeamMITRE
Integrated mitigations and detection methods for Certificate Pinning based on feedback from the CWE Researcher List in December 2017.
2018-03-27CWE Content TeamMITRE
updated Common_Consequences, Description, Detection_Factors, Modes_of_Introduction, Potential_Mitigations, References, Time_of_Introduction
Previous Entry Names
Change DatePrevious Entry Name
2009-03-10Failure to Validate Host-specific Certificate Data
2013-02-21Improper Validation of Host-specific Certificate Data

More information is available — Please select a different filter.
Page Last Updated: March 29, 2018