This category identifies Software Fault Patterns (SFPs) within the Digital Certificate cluster.

| ID | Name | Description |
|---|---|---|
| CWE-296 | Improper Following of a Certificate's Chain of Trust | The product does not follow, or incorrectly follows, the chain of trust for a certificate back to a trusted root certificate, resulting in incorrect trust of any resource that is associated with that certificate. |
| CWE-297 | Improper Validation of Certificate with Host Mismatch | The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host. |
| CWE-298 | Improper Validation of Certificate Expiration | A certificate expiration is not validated or is incorrectly validated, so trust may be assigned to certificates that have been abandoned due to age. |
| CWE-299 | Improper Check for Certificate Revocation | The product does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a certificate that has been compromised. |
| CWE-593 | Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created | The product modifies the SSL context after connection creation has begun. |
| CWE-599 | Missing Validation of OpenSSL Certificate | The product uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |