CWE-297: Improper Validation of Certificate with Host Mismatch
Weakness ID: 297
The software communicates with a host that provides a certificate, but the software does not properly ensure that the certificate is actually associated with that host.
Even if a certificate is well-formed, signed, and follows the chain of trust, it may simply be a valid certificate for a different site than the site that the software is interacting with. If the certificate's host-specific data is not properly checked - such as the Common Name (CN) in the Subject or the Subject Alternative Name (SAN) extension of an X.509 certificate - it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data, impersonating a trusted host. In order to ensure data integrity, the certificate must be valid and it must pertain to the site that is being accessed.
Even if the software attempts to check the hostname, it is still possible to incorrectly check the hostname. For example, attackers could create a certificate with a name that begins with a trusted name followed by a NUL byte, which could cause some string-based comparisons to only examine the portion that contains the trusted name.
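The NUL-byte problem described above, as an added example that is not part of the original entry: a string-based comparison stops at the first NUL in the certificate name, while a length-aware comparison rejects the name. The function names, the sample name bytes and the host names are hypothetical and constructed for illustration; only exact matches are handled, not wildcards.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Naive check: treats the certificate name as a C string, so the
 * comparison stops at the first NUL byte in the certificate data. */
int naive_name_match(const unsigned char *cert_name, size_t cert_len,
                     const char *expected_host)
{
    (void)cert_len; /* the length is ignored: this is the defect */
    return strcmp((const char *)cert_name, expected_host) == 0;
}

/* Length-aware check: rejects embedded NULs and compares the whole name,
 * case-insensitively (DNS names are case-insensitive). */
int strict_name_match(const unsigned char *cert_name, size_t cert_len,
                      const char *expected_host)
{
    size_t host_len = strlen(expected_host);
    size_t i;

    if (cert_len == 0 || memchr(cert_name, '\0', cert_len) != NULL)
        return 0; /* malformed name: never a match */
    if (cert_len != host_len)
        return 0; /* the whole name must match, not a prefix */
    for (i = 0; i < cert_len; i++) {
        if (tolower(cert_name[i]) != tolower((unsigned char)expected_host[i]))
            return 0;
    }
    return 1;
}

/* Constructed sample: name bytes with their length, as a certificate
 * field carries them, with a NUL placed after the trusted name. */
static const unsigned char SAMPLE_NUL_NAME[] = "trusted.example\0.attacker.test";
#define SAMPLE_NUL_LEN (sizeof(SAMPLE_NUL_NAME) - 1)

int main(void)
{
    printf("naive:  %d\n",
           naive_name_match(SAMPLE_NUL_NAME, SAMPLE_NUL_LEN, "trusted.example"));
    printf("strict: %d\n",
           strict_name_match(SAMPLE_NUL_NAME, SAMPLE_NUL_LEN, "trusted.example"));
    return 0;
}
```

OpenSSL 1.0.2 and later provide X509_check_host() for this comparison, so application code does not have to implement it by hand.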
Time of Introduction
Architecture and Design
Technical Impact: Gain privileges / assume
The data read from the system vouched for by the certificate may not be from the expected system.
Technical Impact: Other
Trust afforded to the system in question -- based on the expired certificate -- may allow for spoofing or redirection attacks.
Likelihood of Exploit
The following OpenSSL code obtains a certificate and verifies
Example Languages: C and C++
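    /* Vulnerable: the chain is verified, but the host name is never checked. */
    cert = SSL_get_peer_certificate(ssl);
    if (cert && (SSL_get_verify_result(ssl) == X509_V_OK)) {
        // do secret things
    }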
Even though the "verify" step returns X509_V_OK, this step does not include checking the Common Name against the name of the host. That is, there is no guarantee that the certificate is for the desired host. The SSL connection could have been established with a malicious host that provided a valid certificate.
Failure to validate host-specific certificate