Failure to validate host-specific certificate data
The failure to validate host-specific certificate data may mean that, while the certificate read was valid, it was not for the site originally requested.
- Integrity: The data read from the system vouched for by the certificate may not be from the expected system.
- Authentication: Trust afforded to the system in question - based on the expired certificate - may allow for spoofing or redirection attacks.
- Design: Certificate verification and handling should be performed in the design phase.
- Language: All
- Operating platform: All
Minor trust: Users must attempt to interact with the malicious system.
Likelihood of exploit
Avoidance and mitigation
- Design: Check for expired certificates and provide the user with adequate information about the nature of the problem and how to proceed.
If the host-specific data contained in a certificate is not checked, it may be possible for a redirection or spoofing attack to allow a malicious host with a valid certificate to provide data, impersonating a trusted host.
While the attacker in question may have a valid certificate, it may simply be a valid certificate for a different site. In order to ensure data integrity, we must check that the certificate is valid and that it pertains to the site that we wish to access.
if (!(cert = SSL_get_peer(certificate(ssl)) || !host)
foo=SSL_get_veryify_result(ssl); if ((X509_V_OK==foo) || X509_V_ERR_SUBJECT_ISSUER_MISMATCH==foo))
- Failure to follow chain of trust in certificate validation
- Failure to validate certificate expiration
- Failure to check for certificate revocation