CWE-599: Trust of OpenSSL Certificate Without Validation
Trust of OpenSSL Certificate Without Validation
Weakness ID: 599 (Weakness Variant)
Status: Incomplete
Description
Description Summary
The software uses an OpenSSL Certificate without validating the certificate data.
Extended Description
This could allow an attacker to claim to be a trusted host.
Time of Introduction
Architecture and Design
Implementation
Common Consequences
Scope
Effect
Confidentiality
Technical Impact: Read application
data
The data read may not be properly secured, it might be viewed by an
attacker.
Access Control
Technical Impact: Bypass protection
mechanism; Gain privileges / assume
identity
Trust afforded to the system in question may allow for spoofing or
redirection attacks.
Access Control
Technical Impact: Gain privileges / assume
identity
If the certificate is not checked, it may be possible for a
redirection or spoofing attack to allow a malicious host with a valid
certificate to provide data under the guise of a trusted host. While the
attacker in question may have a valid certificate, it may simply be a
valid certificate for a different site. In order to ensure data
integrity, we must check that the certificate is valid, and that it
pertains to the site we wish to access.
Demonstrative Examples
Example 1
(Bad Code)
Example
Language: C
if (!(cert = SSL_get_peer(certificate(ssl)) || !host))
//foo=SSL_get_verify_result(ssl);
//if ((X509_V_OK==foo)
Potential Mitigations
Phase: Architecture and Design
Ensure that proper authentication is included in the system
design.
Phase: Implementation
Understand and properly implement all checks necessary to ensure the
identity of entities involved in encrypted communications.