logo

Missing Validation of OpenSSL Certificate

Incomplete Variant
Structure: Simple
Description

The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements.

Extended Description

This could allow an attacker to use an invalid certificate to claim to be a trusted host, use expired certificates, or conduct other attacks that could be detected if the certificate is properly validated.
Common Consequences 3
Scope: Confidentiality

Impact: Read Application Data

The data read may not be properly secured, it might be viewed by an attacker.

Scope: Access Control

Impact: Bypass Protection MechanismGain Privileges or Assume Identity

Trust afforded to the system in question may allow for spoofing or redirection attacks.

Scope: Access Control

Impact: Gain Privileges or Assume Identity

If the certificate is not checked, it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data under the guise of a trusted host. While the attacker in question may have a valid certificate, it may simply be a valid certificate for a different site. In order to ensure data integrity, we must check that the certificate is valid, and that it pertains to the site we wish to access.
Potential Mitigations 2
Phase: Architecture and Design
Ensure that proper authentication is included in the system design.
Phase: Implementation
Understand and properly implement all checks necessary to ensure the identity of entities involved in encrypted communications.
Demonstrative Examples 1

ID : DX-125

The following OpenSSL code ensures that the host has a certificate.

Code Example:

Bad
C
c

// got certificate, host can be trusted*

c
Note that the code does not call SSL_get_verify_result(ssl), which effectively disables the validation step that checks the certificate.
Modes of Introduction
Implementation
Related Weaknesses
ChildOf: Improper Certificate Validation (CWE-295)
Notes
RelationshipImproper Certificate Validation and Missing Validation of OpenSSL Certificate are very similar, although Missing Validation of OpenSSL Certificate has a more narrow scope that is only applied to OpenSSL certificates. As a result, other children of Improper Certificate Validation can be regarded as children of Missing Validation of OpenSSL Certificate as well. CWE's use of one-dimensional hierarchical relationships is not well-suited to handle different kinds of abstraction relationships based on concepts like types of resources ("OpenSSL certificate" as a child of "any certificate") and types of behaviors ("not validating expiration" as a child of "improper validation").