Failure to validate host-specific certificate data

Revision as of 16:44, 13 April 2006 by Jeff Williams (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


The failure to validate host-specific certificate data may mean that, while the certificate read was valid, it was not for the site originally requested.


  • Integrity: The data read from the system vouched for by the certificate may not be from the expected system.
  • Authentication: Trust afforded to the system in question - based on the expired certificate - may allow for spoofing or redirection attacks.

Exposure period

  • Design: Certificate verification and handling should be performed in the design phase.


  • Language: All
  • Operating platform: All

Required resources

Minor trust: Users must attempt to interact with the malicious system.



Likelihood of exploit


Avoidance and mitigation

  • Design: Check for expired certificates and provide the user with adequate information about the nature of the problem and how to proceed.


If the host-specific data contained in a certificate is not checked, it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data, impersonating a trusted host.

While the attacker in question may have a valid certificate, it may simply be a valid certificate for a different site. In order to ensure data integrity, we must check that the certificate is valid and that it pertains to the site that we wish to access.


if (!(cert = SSL_get_peer(certificate(ssl)) || !host)

 if ((X509_V_OK==foo) || X509_V_ERR_SUBJECT_ISSUER_MISMATCH==foo))

//do stuff

Related problems

  • Failure to follow chain of trust in certificate validation
  • Failure to validate certificate expiration
  • Failure to check for certificate revocation