Difference between revisions of "Failure to follow chain of trust in certificate validation"

Jump to: navigation, search
Line 1: Line 1:
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]
[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]

Revision as of 17:22, 24 September 2008

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 09/24/2008

Vulnerabilities Table of Contents

ASDR Table of Contents


Failure to follow the chain of trust when validating a certificate results in the trust of a given resource which has no connection to trusted root-certificate entities.


  • Authentication: Exploitation of this flaw can lead to the trust of data that may have originated with a spoofed source.
  • Accountability: Data, requests, or actions taken by the attacking entity can be carried out as a spoofed benign entity.

Exposure period

  • Design: Proper certificate checking should be included in the system design.
  • Implementation: If use of SSL (or similar) is simply mandated by design and requirements, it is the implementor's job to properly use the API and all its protections.


  • Languages: All
  • Platforms: All

Required resources

Minor trust: Users must attempt to interact with the malicious system.



Likelihood of exploit


If a system fails to follow the chain of trust of a certificate to a root server, the certificate looses all usefulness as a metric of trust. Essentially, the trust gained from a certificate is derived from a chain of trust - with a reputable trusted entity at the end of that list. The end user must trust that reputable source, and this reputable source must vouch for the resource in question through the medium of the certificate.

In some cases, this trust traverses several entities who vouch for one another. The entity trusted by the end user is at one end of this trust chain, while the certificate wielding resource is at the other end of the chain.

If the user receives a certificate at the end of one of these trust chains and then proceeds to check only that the first link in the chain, no real trust has been derived, since you must traverse the chain to a trusted source to verify the certificate.

Risk Factors



if (!(cert = SSL_get_peer(certificate(ssl)) || !host)
  if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo))
//do stuff 

Related Attacks

Related Vulnerabilities

Related Controls

  • Design: Ensure that proper certificate checking is included in the system design.
  • Implementation: Understand, and properly implement all checks necessary to ensure the integrity of certificate trust integrity.

Related Technical Impacts