Difference between revisions of "Failure to validate host-specific certificate data"

From OWASP

Revision as of 11:49, 16 April 2006


Overview

The failure to validate host-specific certificate data may mean that, while the certificate read was valid, it was not for the site originally requested.

Consequences

  • Integrity: The data read from the system vouched for by the certificate may not be from the expected system.
  • Authentication: Trust afforded to the system in question - based on a certificate that was not issued for the host requested - may allow for spoofing or redirection attacks.

Exposure period

  • Design: Certificate verification and handling should be performed in the design phase.

Platform

  • Language: All
  • Operating platform: All

Required resources

Minor trust: Users must attempt to interact with the malicious system.

Severity

High

Likelihood of exploit

High

Avoidance and mitigation

  • Design: Check that the certificate presented was issued for the host being contacted, and provide the user with adequate information about the nature of the problem and how to proceed.

Discussion

If the host-specific data contained in a certificate is not checked, it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data, impersonating a trusted host.

While the attacker in question may have a valid certificate, it may simply be a valid certificate for a different site. In order to ensure data integrity, we must check that the certificate is valid and that it pertains to the site that we wish to access.

Examples

if ((cert = SSL_get_peer_certificate(ssl)) && host) {
   foo = SSL_get_verify_result(ssl);
   /* The chain result is accepted even on a subject/issuer mismatch, and
      'host' is never compared with the certificate's subject or SAN. */
   if ((X509_V_OK == foo) || (X509_V_ERR_SUBJECT_ISSUER_MISMATCH == foo))
      /* do stuff */
}
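The snippet above never compares the requested host name with the names in the certificate. The following is an added example (not code from the OWASP page or from OpenSSL) that performs that missing step in Python: an RFC 6125-style match of a host name against the certificate's subjectAltName DNS entries (falling back to the subject CN only when no SAN is present), run over a constructed certificate dict in the shape `ssl.SSLSocket.getpeercert()` returns, plus a client context with hostname checking enabled.

```python
import ssl

# Constructed sample in the dict shape ssl.SSLSocket.getpeercert() returns
# (not a real certificate). Its SAN names one exact host and one wildcard.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.api.example.com")),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}


def _label_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: case-insensitive, '*' allowed only as the whole
    leftmost label of a name with at least three labels, never spanning a dot."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    labels = pattern.split(".")
    if labels[0] != "*" or len(labels) < 3 or "*" in pattern[2:]:
        return False  # reject '*', '*.com', 'f*o.example.com', '*.*.example.com'
    host_labels = hostname.split(".")
    return len(host_labels) == len(labels) and host_labels[1:] == labels[1:]


def cert_matches_host(cert: dict, hostname: str) -> bool:
    """The check the vulnerable snippet omits: does this (already
    chain-validated) certificate actually name the host we asked for?"""
    san_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san_names:  # when a SAN is present the CN is ignored (RFC 6125 s6.4.4)
        return any(_label_matches(n, hostname) for n in san_names)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return _label_matches(value, hostname)
    return False


def make_client_context() -> ssl.SSLContext:
    """Hardened client configuration: chain validation and hostname checking
    both on, so the library performs the equivalent of cert_matches_host."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx
```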

Related problems

  • Failure to follow chain of trust in certificate validation
  • Failure to validate certificate expiration
  • Failure to check for certificate revocation

Categories