Difference between revisions of "Failure to validate host-specific certificate data"

Line 1: Line 1:
 
{{Template:SecureSoftware}}
 
{{Template:SecureSoftware}}
 +
{{Template:Vulnerability}}
  
==Overview==
+
[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]
  
The failure to validate host-specific certificate data may mean that, while the certificate read was valid, it was not for the site originally requested.
+
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
  
==Consequences ==
+
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
  
* Integrity: The data read from the system vouched for by the certificate may not be from the expected system.
+
[[ASDR Table of Contents]]
 +
__TOC__
  
* Authentication: Trust afforded to the system in question - based on the expired certificate - may allow for spoofing or redirection attacks.
 
  
==Exposure period ==
+
==Description==
  
* Design: Certificate verification and handling should be performed in the design phase.
+
The failure to validate host-specific certificate data may mean that, while the certificate read was valid, it was not for the site originally requested.
  
==Platform ==
+
'''Consequences'''
  
* Language: All
+
* Integrity: The data read from the system vouched for by the certificate may not be from the expected system.
 +
* Authentication: Trust afforded to the system in question - based on the expired certificate - may allow for spoofing or redirection attacks.
  
* Operating platform: All
+
'''Exposure period'''
  
==Required resources ==
+
* Design: Certificate verification and handling should be performed in the design phase.
 +
 
 +
'''Platform'''
 +
 
 +
* Language: All
 +
* Operating platform: All
 +
 
 +
'''Required resources'''
  
 
Minor trust: Users must attempt to interact with the malicious system.
 
Minor trust: Users must attempt to interact with the malicious system.
  
==Severity ==
+
'''Severity'''
  
 
High
 
High
  
==Likelihood  of exploit ==
+
'''Likelihood  of exploit'''
  
 
High
 
High
  
==Avoidance and mitigation ==
+
If the host-specific data contained in a certificate is not checked, it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data, impersonating a trusted host.
  
* Design: Check for expired certificates and provide the user with adequate information about the nature of the problem and how to proceed.  
+
While the attacker in question may have a valid certificate, it may simply be a valid certificate for a different site. In order to ensure data integrity, we must check that the certificate is valid and that it pertains to the site that we wish to access.
  
==Discussion ==
 
  
If the host-specific data contained in a certificate is not checked, it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data, impersonating a trusted host.
+
==Risk Factors==
  
While the attacker in question may have a valid certificate, it may simply be a valid certificate for a different site. In order to ensure data integrity, we must check that the certificate is valid and that it pertains to the site that we wish to access.
+
TBD
  
==Examples ==
+
==Examples==
  
 
<pre>
 
<pre>
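Review bot: the "==Discussion ==" heading is removed in this hunk, but its two paragraphs are kept directly after the '''Likelihood of exploit''' value "High", so in the new revision they read as part of the likelihood field. Give them their own '''Discussion''' label or fold them into the "==Description==" paragraph. The new "==Risk Factors==" section contains only "TBD" while Severity and Likelihood of exploit are already listed under Description; either move those two fields there or leave the section out until it has content.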
Line 52: Line 60:
 
</pre>
 
</pre>
  
==Related problems ==
 
  
* [[Failure to follow chain of trust in certificate validation]]
+
==Related [[Attacks]]==
  
* [[Failure to validate certificate expiration]]
+
* [[Attack 1]]
 +
* [[Attack 2]]
  
* [[Failure to check for certificate revocation]]
 
  
 +
==Related [[Vulnerabilities]]==
  
[[Category:Vulnerability]]
+
* [[Failure to follow chain of trust in certificate validation]]
 +
* [[Failure to validate certificate expiration]]
 +
* [[Failure to check for certificate revocation]]
  
[[Category:Protocol Errors]]
 
  
 +
==Related [[Controls]]==
 +
 +
* Design: Check for expired certificates and provide the user with adequate information about the nature of the problem and how to proceed.
 +
 +
 +
==Related [[Technical Impacts]]==
 +
 +
* [[Technical Impact 1]]
 +
* [[Technical Impact 2]]
 +
 +
 +
==References==
 +
Note: A reference to related [http://cwe.mitre.org/ CWE] or [http://capec.mitre.org/ CAPEC] article should be added when exists. Eg:
 +
 +
* [http://cwe.mitre.org/data/definitions/79.html CWE 79].
 +
* http://www.link1.com
 +
* [http://www.link2.com Title for the link2]
 +
 +
[[Category:FIXME|add links
 +
 +
In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki>
 +
 +
Availability Vulnerability
 +
 +
Authorization Vulnerability
 +
 +
Authentication Vulnerability
 +
 +
Concurrency Vulnerability
 +
 +
Configuration Vulnerability
 +
 +
Cryptographic Vulnerability
 +
 +
Encoding Vulnerability
 +
 +
Error Handling Vulnerability
 +
 +
Input Validation Vulnerability
 +
 +
Logging and Auditing Vulnerability
 +
 +
Session Management Vulnerability]]
 +
 +
__NOTOC__
 +
 +
 +
[[Category:OWASP ASDR Project]]
 +
[[Category:Vulnerability]]
 +
[[Category:Protocol Errors]]
 
[[Category:OWASP_CLASP_Project]]
 
[[Category:OWASP_CLASP_Project]]
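Review bot: the added "Related [[Attacks]]", "Related [[Technical Impacts]]" and "References" sections still carry the template placeholders ([[Attack 1]], [[Attack 2]], [[Technical Impact 1]], [[Technical Impact 2]], http://www.link1.com, link2, and the CWE 79 sample link), which render as live links unrelated to this entry; remove them or replace them with real targets. The only item under "Related [[Controls]]" is "Check for expired certificates", which addresses expiration rather than host-specific data; the control this entry needs is the one the discussion text states, checking that the certificate pertains to the site being accessed. The multi-line [[Category:FIXME|add links ...]] block also places the page in a maintenance category and should go once the links are filled in.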

Revision as of 06:33, 25 September 2008

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 09/25/2008


Description

The failure to validate host-specific certificate data may mean that, while the certificate read was valid, it was not for the site originally requested.

Consequences

  • Integrity: The data read from the system vouched for by the certificate may not be from the expected system.
  • Authentication: Trust afforded to the system in question - based on the expired certificate - may allow for spoofing or redirection attacks.

Exposure period

  • Design: Certificate verification and handling should be performed in the design phase.

Platform

  • Language: All
  • Operating platform: All

Required resources

Minor trust: Users must attempt to interact with the malicious system.

Severity

High

Likelihood of exploit

High

If the host-specific data contained in a certificate is not checked, it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data, impersonating a trusted host.

While the attacker in question may have a valid certificate, it may simply be a valid certificate for a different site. In order to ensure data integrity, we must check that the certificate is valid and that it pertains to the site that we wish to access.


Risk Factors

TBD

Examples

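/* Vulnerable: the certificate is fetched and its chain result read, but 'host' is never compared with the names in 'cert'. */
if ((cert = SSL_get_peer_certificate(ssl)) && host) {
  foo = SSL_get_verify_result(ssl);
  if ((X509_V_OK == foo) || (X509_V_ERR_SUBJECT_ISSUER_MISMATCH == foo)) {
    /* do stuff: proceeds without checking which host the certificate was issued for */
  }
}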
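The host-name comparison that the example above leaves out, as an added illustration (not code from the original page or from OpenSSL). It assumes the certificate's DNS names have already been extracted as NUL-terminated strings; the function names and the sample names are hypothetical, and IP-address identities are not handled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* DNS names compare case-insensitively over ASCII. */
static int eq_nocase(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Match one certificate DNS name against the requested host. A "*" is
 * honoured only as the whole left-most label and covers exactly one label. */
int dns_name_matches(const char *pattern, const char *host) {
    size_t plen = strlen(pattern), hlen = strlen(host);
    if (plen == 0 || hlen == 0)
        return 0;
    if (pattern[0] != '*')
        return plen == hlen && eq_nocase(pattern, host, plen);
    /* Reject "*foo.example.com", "*.*.example.com" and "*.com". */
    if (pattern[1] != '.' || strchr(pattern + 2, '*') || !strchr(pattern + 2, '.'))
        return 0;
    const char *dot = strchr(host, '.');   /* end of the host's first label */
    if (dot == NULL || dot == host)
        return 0;
    return strlen(dot) == plen - 1 && eq_nocase(pattern + 1, dot, plen - 1);
}

/* Accept the peer only if the chain verified AND a presented name matches. */
int peer_is_expected_host(int chain_ok, const char *const *names, size_t n,
                          const char *host) {
    if (!chain_ok || host == NULL)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (dns_name_matches(names[i], host))
            return 1;
    return 0;
}

int main(void) {
    /* Constructed sample: a chain-valid certificate issued for another site. */
    const char *const names[] = { "shop.example.net", "*.example.net" };
    printf("bank.example.com  -> %d\n", peer_is_expected_host(1, names, 2, "bank.example.com"));
    printf("login.example.net -> %d\n", peer_is_expected_host(1, names, 2, "login.example.net"));
    return 0;
}
```

In code built on OpenSSL, the library's own `SSL_set1_host` (1.1.0 and later) or `X509_check_host` (1.0.2 and later) performs this comparison and should be preferred over a hand-written matcher.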


Related Attacks


Related Vulnerabilities


Related Controls

  • Design: Check for expired certificates and provide the user with adequate information about the nature of the problem and how to proceed.


Related Technical Impacts


References

Note: A reference to the related CWE or CAPEC article should be added when one exists. E.g.: