Using a key past its expiration date

Revision as of 06:06, 26 May 2009 by Deleted user (Talk | contribs)

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 05/26/2009


The use of a cryptographic key or password past its expiration date diminishes its safety significantly.


Authentication: The cryptographic key in question may be compromised, providing a malicious user with a method for authenticating as the victim.

Exposure period

  • Design: The handling of key expiration should be considered during the design phase - largely pertaining to user interface design.
  • Run time: Users are largely responsible for the use of old keys.


  • Languages: All
  • Platforms: All

Required resources




Likelihood of exploit


While the expiration of a key does not necessarily mean that it has been compromised, the longer a key remains in use, the lower the probability that it is still uncompromised.

For this reason, it is important to replace keys within a period of time proportional to their strength.

Risk Factors



In C/C++:

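/* Vulnerable: a validity-date error is accepted the same as X509_V_OK */
if ((cert = SSL_get_peer_certificate(ssl)) && host) {
  long foo = SSL_get_verify_result(ssl);
  if ((X509_V_OK == foo) || (X509_V_ERR_CERT_NOT_YET_VALID == foo))
    ; /* do stuff */
}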

Related Attacks

Related Vulnerabilities

Related Controls

  • Design: Adequate consideration should be put into the user interface in order to notify users prior to the key's expiration, to explain the importance of new key generation, and to walk users through the process as painlessly as possible.
  • Run time: Users must heed warnings and generate new keys and passwords when they expire.
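
One way to apply these controls in code, as an added example that is not part of the original page: unlike the C/C++ snippet above, it fails closed on any key outside its validity period and flags keys that are close to expiring so the interface can prompt for replacement. The type and function names, the 30-day warning window and the sample timestamps are assumptions made for illustration, not an OpenSSL API.

```c
#include <stdio.h>
#include <time.h>

/* Added example: all names here are hypothetical, not an OpenSSL API. */
typedef enum { KEY_MALFORMED, KEY_NOT_YET_VALID, KEY_VALID,
               KEY_EXPIRING_SOON, KEY_EXPIRED } key_state;

typedef struct {
    time_t not_before;  /* start of the validity period */
    time_t not_after;   /* expiration date */
} key_validity;

/* Assumed policy: start warning the user 30 days before expiration. */
#define WARN_WINDOW_SECS (30.0 * 24 * 60 * 60)

key_state classify_key(const key_validity *k, time_t now)
{
    if (k == NULL || k->not_after < k->not_before)
        return KEY_MALFORMED;            /* inverted window: never trust it */
    if (now < k->not_before)
        return KEY_NOT_YET_VALID;
    if (now > k->not_after)
        return KEY_EXPIRED;
    if (difftime(k->not_after, now) <= WARN_WINDOW_SECS)
        return KEY_EXPIRING_SOON;
    return KEY_VALID;
}

/* Fail closed: returns 1 only inside the validity period, and sets
 * *warn_user when the UI should prompt for a replacement key. */
int key_usable(const key_validity *k, time_t now, int *warn_user)
{
    key_state s = classify_key(k, now);
    *warn_user = (s == KEY_EXPIRING_SOON);
    return s == KEY_VALID || s == KEY_EXPIRING_SOON;
}

int main(void)
{
    /* Constructed sample: a key valid for 365 days starting at t = 1000000. */
    key_validity k = { (time_t)1000000, (time_t)(1000000 + 365L * 86400) };
    int warn = 0;
    int ok = key_usable(&k, k.not_before + 350L * 86400, &warn);
    printf("day 350: usable=%d warn=%d\n", ok, warn);
    ok = key_usable(&k, k.not_after + 1, &warn);
    printf("after expiry: usable=%d warn=%d\n", ok, warn);
    return 0;
}
```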

Related Technical Impacts