Status: Incomplete
Weakness ID: 297 (Weakness Base)

Description Summary
Failure to validate host-specific certificate data may mean that, although the certificate read was valid, it was not for the site originally requested.

Likelihood of Exploit
High

Common Consequences
Integrity: The data read from the system vouched for by the certificate may not be from the expected system.
Authentication: Trust afforded to the system in question -- based on the expired certificate -- may allow for spoofing or redirection attacks.

Potential Mitigations
Architecture and Design: Check for expired certificates and provide the user with adequate information about the nature of the problem and how to proceed.

Demonstrative Examples

    /* Flawed as shown: cert is never compared against host. */
    if (!(cert = SSL_get_peer_certificate(ssl)) || !host) {
        /* no peer certificate or no host name: handle the error */
    }
    foo = SSL_get_verify_result(ssl);
    if ((X509_V_OK == foo) || (X509_V_ERR_SUBJECT_ISSUER_MISMATCH == foo)) {
        // do stuff
    }
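
An added example, not part of the original entry or of OpenSSL: a self-contained C sketch of the step the demonstrative example leaves out, accepting the peer only when the chain verified and one of the certificate's DNS names covers the requested host. The names array, the chain_ok flag and all function names are assumptions for illustration; with OpenSSL, the library's own X509_check_host or SSL_set1_host performs this comparison.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive equality: DNS names compare without regard to case. */
static int eq_nocase(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == *b;   /* equal only if both strings ended together */
}

/* A wildcard counts only as the whole leftmost label and covers exactly one
 * label: "*.example.net" matches "shop.example.net", not "example.net". */
static int name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return eq_nocase(pattern, host);
    const char *dot = strchr(host, '.');   /* end of the host's first label */
    if (dot == NULL || dot == host || strchr(pattern + 2, '.') == NULL)
        return 0;                          /* also refuses "*.net"-style names */
    return eq_nocase(pattern + 1, dot);
}

/* Return 1 if any DNS name taken from the certificate covers the host. */
int cert_covers_host(const char *const names[], size_t count, const char *host)
{
    if (host == NULL || *host == '\0')
        return 0;
    for (size_t i = 0; i < count; i++)
        if (names[i] != NULL && name_matches(names[i], host))
            return 1;
    return 0;
}

/* chain_ok stands in for SSL_get_verify_result(ssl) == X509_V_OK (assumption). */
int accept_peer(int chain_ok, const char *const names[], size_t count, const char *host)
{
    return chain_ok && cert_covers_host(names, count, host);
}

/* Constructed sample: names from a certificate that is valid, but for another site. */
const char *const other_site[] = { "other.example.net", "*.example.net" };

int main(void)
{
    return accept_peer(1, other_site, 2, "www.example.com");  /* exits 0: rejected */
}
```
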

Other Notes
If the host-specific data contained in a certificate is not checked, it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data, impersonating a trusted host. While the attacker in question may have a valid certificate, it may simply be a valid certificate for a different site. In order to ensure data integrity, we must check that the certificate is valid and that it pertains to the site that we wish to access.

Relationships
Taxonomy Mappings

Applicable Platforms
Languages: All

Time of Introduction
Architecture and Design

Content History
Submissions: CLASP. (Externally Mined)
Modifications:
Eric Dalci. Cigital. 2008-07-01. (External) updated Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal) updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings