Difference between revisions of "Failure to check for certificate revocation"

From OWASP
(Related Vulnerabilities)
 
(6 intermediate revisions by 3 users not shown)
Line 1: Line 1:
 
{{Template:SecureSoftware}}
 
{{Template:SecureSoftware}}
 +
{{Template:Vulnerability}}
  
==Overview==
+
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
  
If a certificate is used without first checking to ensure it was not revoked, the certificate may be compromised.
+
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
  
==Consequences ==
+
==Description==
  
* Authentication: Trust may be assigned to an entity who is not who it claims to be.
+
If a certificate is used without first checking to ensure it was not revoked, the certificate may be compromised.
  
* Integrity: Data from an untrusted (and possibly malicious) source may be integrated.
+
'''Consequences'''
  
* Confidentiality: Date may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure.
+
* Authentication: Trust may be assigned to an entity who is not who it claims to be.
 +
* Integrity: Data from an untrusted (and possibly malicious) source may be integrated.
 +
* Confidentiality: Data may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure.
  
==Exposure period ==
+
'''Exposure period'''
  
* Design: Checks for certificate revocation should be included in the design of a system.
+
* Design: Checks for certificate revocation should be included in the design of a system.
 +
* Design: One can choose to use a language which abstracts out this part of authentication and encryption.
  
* Design: One can choose to use a language which abstracts out this part of authentication and encryption.
+
'''Platform'''
  
==Platform ==
+
* Languages: Any language which does not abstract out this part of the process
 +
* Operating platforms: All
  
* Languages: Any language which does not abstract out this part of the process
+
'''Required resources'''
 
+
* Operating platforms: All
+
 
+
==Required resources ==
+
  
 
Minor trust: Users must attempt to interact with the malicious system.
 
Minor trust: Users must attempt to interact with the malicious system.
  
==Severity ==
+
'''Severity'''
  
 
Medium
 
Medium
  
==Likelihood   of exploit ==
+
'''Likelihood of exploit'''
  
 
Medium
 
Medium
  
==Avoidance and mitigation ==
+
The failure to check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is almost certainly malicious. The most common reason for certificate revocation is compromise of the system in question, with the result that no legitimate servers will be using a revoked certificate, unless they are sorely out of sync.
  
* Design: Ensure that certificates are checked for revoked status.
 
  
==Discussion ==
 
  
The failure to check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is almost certainly malicious. The most common reason for certificate revocation is compromise of the system in question, with the result that no legitimate servers will be using a revoked certificate, unless they are sorely out of sync.
+
==Risk Factors==
 +
 
 +
TBD
  
==Examples ==
+
==Examples==
  
 
In C/C++:
 
In C/C++:
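Review bot: the paragraph beginning "The failure to check for certificate revocation is a far more serious flaw" now sits directly under '''Likelihood of exploit''' with no label of its own, because the ==Discussion== heading is removed and nothing replaces it. Add a '''Discussion''' label above it so it does not read as part of the likelihood rating. The new ==Risk Factors== section contains only "TBD" and should be filled in or left out until there is content for it.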
Line 54: Line 55:
 
</pre>
 
</pre>
  
==Related problems ==
 
  
* [[Failure to follow chain of trust in certificate validation]]
+
==Related [[Attacks]]==
  
* [[Failure to validate host-specific certificate data]]
+
* [[Attack 1]]
 +
* [[Attack 2]]
  
* [[Key exchange without entity authentication]]
 
  
* [[Failure to check for certificate expiration]]
+
==Related [[Vulnerabilities]]==
  
==Categories ==
+
* [[Failure to follow chain of trust in certificate validation]]
 +
* [[Failure to validate host-specific certificate data]]
 +
* [[Key exchange without entity authentication]]
  
[[Category:Vulnerability]]
+
==Related [[Controls]]==
  
[[Category:Protocol Errors]]
+
* Design: Ensure that certificates are checked for revoked status.
  
 +
 +
==Related [[Technical Impacts]]==
 +
 +
* [[Technical Impact 1]]
 +
* [[Technical Impact 2]]
 +
 +
 +
==References==
 +
TBD
 +
 +
[[Category:FIXME|add links
 +
 +
In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki>
 +
 +
Availability Vulnerability
 +
 +
Authorization Vulnerability
 +
 +
Authentication Vulnerability
 +
 +
Concurrency Vulnerability
 +
 +
Configuration Vulnerability
 +
 +
Cryptographic Vulnerability
 +
 +
Encoding Vulnerability
 +
 +
Error Handling Vulnerability
 +
 +
Input Validation Vulnerability
 +
 +
Logging and Auditing Vulnerability
 +
 +
Session Management Vulnerability]]
 +
 +
__NOTOC__
 +
 +
 +
[[Category:OWASP ASDR Project]]
 +
[[Category:Vulnerability]]
 +
[[Category:Protocol Errors]]
 
[[Category:OWASP_CLASP_Project]]
 
[[Category:OWASP_CLASP_Project]]
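Review bot: the new ==Related [[Vulnerabilities]]== list omits [[Failure to check for certificate expiration]], which the old ==Related problems== list included; restore it unless the omission is deliberate. The template placeholders [[Attack 1]], [[Attack 2]], [[Technical Impact 1]] and [[Technical Impact 2]] and the [[Category:FIXME|add links ...]] instruction block are still in the text and should be replaced with real links or removed.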

Latest revision as of 14:16, 21 February 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


Last revision (mm/dd/yy): 02/21/2009


Description

If a certificate is used without first checking that it has not been revoked, the certificate in use may be a compromised one.

Consequences

  • Authentication: Trust may be assigned to an entity who is not who it claims to be.
  • Integrity: Data from an untrusted (and possibly malicious) source may be integrated.
  • Confidentiality: Data may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure.

Exposure period

  • Design: Checks for certificate revocation should be included in the design of a system.
  • Design: One can choose to use a language which abstracts out this part of authentication and encryption.

Platform

  • Languages: Any language which does not abstract out this part of the process
  • Operating platforms: All

Required resources

Minor trust: Users must attempt to interact with the malicious system.

Severity

Medium

Likelihood of exploit

Medium

The failure to check for certificate revocation is a far more serious flaw than related certificate failures. This is because the use of any revoked certificate is almost certainly malicious. The most common reason for certificate revocation is compromise of the system in question, with the result that no legitimate servers will be using a revoked certificate, unless they are sorely out of sync.


Risk Factors

TBD

Examples

In C/C++:

/* Vulnerable: cert is used without a call to SSL_get_verify_result() */
if (!(cert = SSL_get_peer_certificate(ssl)) || !host)
    ...
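
An added example, not part of the original OWASP page: Python's ssl module wraps the same OpenSSL verification as the C snippet above, and its default client context likewise sets no CRL flag. The code shows that weak configuration beside a corrected one and an audit of either; the function names are hypothetical, and `crl_pem_path` is an assumed path to the issuing CA's current CRL.

```python
import ssl

def revocation_mode(ctx):
    """Return 'chain', 'leaf' or 'none' for the CRL checking ctx requests."""
    flags = ctx.verify_flags
    chain = ssl.VERIFY_CRL_CHECK_CHAIN  # leaf bit plus the "every cert" bit
    if (flags & chain) == chain:
        return "chain"
    if flags & ssl.VERIFY_CRL_CHECK_LEAF:
        return "leaf"
    return "none"

def weak_client_context():
    # Chain, validity dates and hostname are verified, but no CRL flag is
    # set, so a revoked certificate still verifies.
    return ssl.create_default_context()

def hardened_client_context(crl_pem_path=None, whole_chain=False):
    """crl_pem_path (assumption): PEM file with the issuing CA's current CRL."""
    ctx = ssl.create_default_context()
    ctx.verify_flags |= (ssl.VERIFY_CRL_CHECK_CHAIN if whole_chain
                         else ssl.VERIFY_CRL_CHECK_LEAF)
    if crl_pem_path is not None:
        ctx.load_verify_locations(cafile=crl_pem_path)  # accepts PEM CRLs too
    # With the flag set and no matching CRL loaded, the handshake fails
    # (fails closed) rather than silently skipping the check.
    return ctx

def audit(ctx):
    """List the certificate-validation gaps in a client context."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate is not required")
    if revocation_mode(ctx) == "none":
        findings.append("no CRL checking: revoked certificates are accepted")
    return findings

if __name__ == "__main__":
    for name, ctx in (("weak", weak_client_context()),
                      ("hardened", hardened_client_context())):
        print(name, revocation_mode(ctx), audit(ctx))
```

A CRL is only as current as its last download, so the file passed as `crl_pem_path` has to be refreshed before its nextUpdate time.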


Related Attacks


Related Vulnerabilities

Related Controls

  • Design: Ensure that certificates are checked for revoked status.


Related Technical Impacts


References

TBD