Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

CWE-298: Improper Validation of Certificate Expiration | Mondoo Vulnerability Intelligence

CWE-298

VariantDraft

View on MITRE

Improper Validation of Certificate Expiration

A certificate expiration is not validated or is incorrectly validated, so trust may be assigned to certificates that have been abandoned due to age.

4 linked vulnerabilities

2 related weaknesses

Extended Description

When the expiration of a certificate is not taken into account, no trust has necessarily been conveyed through it. Therefore, the validity of the certificate cannot be verified and all benefit of the certificate is lost.

Architecture and Design

Check for expired certificates and provide the user with adequate information about the nature of the problem and how to proceed.

Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the expiration.

Integrity

Other

The data read from the system vouched for by the expired certificate may be flawed due to malicious spoofing.

Authentication

Other

Trust afforded to the system in question - based on the expired certificate - may allow for spoofing attacks.

Modes of Introduction

Implementation

Related Weaknesses

CWE-295ChildOf CWE-672ChildOf

External Links

MITRE CWE Database