Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

CWE-298: Improper Validation of Certificate Expiration | Mondoo Vulnerability Intelligence

CWE-298

VariantDraft

View on MITRE

Improper Validation of Certificate Expiration

A certificate expiration is not validated or is incorrectly validated.

4 linked vulnerabilities

2 related weaknesses

Architecture and Design

Check for expired certificates and provide the user with adequate information about the nature of the problem and how to proceed.

Implementation

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the expiration.

Integrity

Other

The data read from the system vouched for by the expired certificate may be flawed due to malicious spoofing.

Authentication

Other

Trust may be assigned to certificates that have been abandoned due to age.

Modes of Introduction

Implementation

Related Weaknesses

CWE-295ChildOf CWE-672ChildOf

Example CVEs (4)

CVE-2025-4384

product does not verify that a certificate has expired

CVE-2007-3564

web library product does not verify that a certificate has expired

CVE-2007-6746

IRC product does not check the expiration date of the X.509 certificate

CVE-2007-6746

library for SSL and TLS does not check the activation or expiration dates of CA certificates

External Links

MITRE CWE Database