Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

CWE-295: Improper Certificate Validation | Mondoo Vulnerability Intelligence

CWE-295

BaseDraft

Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

424 linked vulnerabilities

3 related weaknesses

Architecture and Design

Implementation

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

Integrity

Authentication

Bypass Protection Mechanism

Gain Privileges or Assume Identity

When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. The product might connect to a malicious host while believing it is a trusted host, or the product might be deceived into accepting spoofed data that appears to originate from a trusted host.

Automated Static Analysis - Binary or Bytecode

Effectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful:

Bytecode Weakness Analysis - including disassembler + source code weakness analysis
Binary Weakness Analysis - including disassembler + source code weakness analysis

Manual Static Analysis - Binary or Bytecode

Effectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful:

Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies

Dynamic Analysis with Automated Results Interpretation

Effectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful:

Web Application Scanner

Dynamic Analysis with Manual Results Interpretation

Effectiveness: High

According to SOAR [REF-1479], the following detection techniques may be useful:

Man-in-the-middle attack tool

Manual Static Analysis - Source Code

Effectiveness: High

According to SOAR [REF-1479], the following detection techniques may be useful:

Focused Manual Spotcheck - Focused manual analysis of source
Manual Source Code Review (not inspections)

Automated Static Analysis - Source Code

Effectiveness: SOAR Partial

According to SOAR [REF-1479], the following detection techniques may be useful:

Source code Weakness Analyzer
Context-configured Source Code Weakness Analyzer

Architecture or Design Review

Effectiveness: High

According to SOAR [REF-1479], the following detection techniques may be useful:

Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)

Modes of Introduction

Architecture and Design

Implementation

Implementation

Related Weaknesses

CWE-287ChildOf CWE-287ChildOf CWE-322PeerOf

Example CVEs (20)

CVE-2019-12496

A Go framework for robotics, drones, and IoT devices skips verification of root CA certificates by default.

CVE-2014-1266

Chain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple "goto fail" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint). The code's whitespace indentation did not reflect the actual control flow (CWE-1114) and did not explicitly delimit the block (CWE-483), which could have made it more difficult for human code auditors to detect the vulnerability.

CVE-2021-22909

Chain: router's firmware update procedure uses curl with "-k" (insecure) option that disables certificate validation (CWE-295), allowing adversary-in-the-middle (AITM) compromise with a malicious firmware image (CWE-494).

CVE-2008-4989

Verification function trusts certificate chains in which the last certificate is self-signed.

CVE-2012-5821

Web browser uses a TLS-related function incorrectly, preventing it from verifying that a server's certificate is signed by a trusted certification authority (CA)

External Links

MITRE CWE Database