CWE-593: Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
The software modifies the SSL context after connection creation has begun.
If the program modifies the SSL_CTX object after creating SSL objects from it, there is the possibility that older SSL objects created from the original context could all be affected by that change.
ChildOf CWE-666 (View 1000, Primary)
ChildOf CWE-287 (View 1000)
ChildOf CWE-287 (View 699, Primary)
|Access Control||Bypass Protection Mechanism||No authentication takes place in this process, bypassing an assumed protection of encryption.|
|Confidentiality||Read Application Data||The encrypted communication between a user and a trusted host may be subject to a "man in the middle" sniffing attack.|
Architecture and Design
Use a language or a library that provides a cryptography framework at a higher level of abstraction.
Most SSL_CTX functions have SSL counterparts that act on SSL-type objects.
Applications should set up an SSL_CTX completely, before creating SSL objects from it.
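The following example demonstrates the weakness.
#include <openssl/ssl.h>
#define CERT "secret.pem"   /* assumed file name; the page omits this definition */
#define CERT2 "secret2.pem"
int main(void) {
    SSL *ssl, *ssl2;
    SSL_CTX *ctx = SSL_CTX_new(SSLv23_method());
    if (!ctx || SSL_CTX_use_certificate_chain_file(ctx, CERT) != 1) return 1;
    if (SSL_CTX_use_PrivateKey_file(ctx, CERT, SSL_FILETYPE_PEM) != 1) return 1;
    if (!(ssl = SSL_new(ctx))) return 1;   /* first SSL object created from ctx */
    /* Weakness: ctx is modified after an SSL object was created from it. */
    SSL_CTX_set_default_passwd_cb_userdata(ctx, "new default password");
    if (!(ssl2 = SSL_new(ctx))) return 1;  /* second SSL object, after the change */
    return 0;
}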