CWE-295 证书验证不恰当

2021年12月16日15:51:00评论317 views字数 7884阅读26分16秒阅读模式

CWE-295 证书验证不恰当

Improper Certificate Validation

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: unkown

基本描述

The software does not validate, or incorrectly validates, a certificate.

扩展描述

When a certificate is invalid or malicious, it might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host while believing it is a trusted host, or the software might be deceived into accepting spoofed data that appears to originate from a trusted host.

相关缺陷

cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 1000 cwe_Ordinal: Primary
cwe_Nature: ChildOf cwe_CWE_ID: 287 cwe_View_ID: 1003 cwe_Ordinal: Primary
cwe_Nature: PeerOf cwe_CWE_ID: 322 cwe_View_ID: 1000

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

Paradigm: {'cwe_Name': 'Mobile', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围	影响	注释
['Integrity', 'Authentication']	['Bypass Protection Mechanism', 'Gain Privileges or Assume Identity']

检测方法

Automated Static Analysis - Binary or Bytecode

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:

Bytecode Weakness Analysis - including disassembler + source code weakness analysis
Binary Weakness Analysis - including disassembler + source code weakness analysis

Manual Static Analysis - Binary or Bytecode

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:

Binary / Bytecode disassembler - then use manual analysis for vulnerabilities & anomalies

Dynamic Analysis with Automated Results Interpretation

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:

Web Application Scanner

Dynamic Analysis with Manual Results Interpretation

According to SOAR, the following detection techniques may be useful:

Highly cost effective:

Man-in-the-middle attack tool

Manual Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Highly cost effective:

Focused Manual Spotcheck - Focused manual analysis of source
Manual Source Code Review (not inspections)

Automated Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:

Source code Weakness Analyzer
Context-configured Source Code Weakness Analyzer

Architecture or Design Review

According to SOAR, the following detection techniques may be useful:

Highly cost effective:

Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)

可能的缓解方案

['Architecture and Design', 'Implementation']

策略:

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Implementation

策略:

If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.

示例代码

例

This code checks the certificate of a connected peer.

bad C

if ((cert = SSL_get_peer_certificate(ssl)) && host)

foo=SSL_get_verify_result(ssl);

if ((X509_V_OK==foo) || X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN==foo))

// certificate looks good, host can be trusted

In this case, because the certificate is self-signed, there was no external authority that could prove the identity of the host. The program could be communicating with a different system that is spoofing the host, e.g. by poisoning the DNS cache or conducting a man-in-the-middle attack.

例

The following OpenSSL code obtains a certificate and verifies it.

bad C

cert = SSL_get_peer_certificate(ssl);
if (cert && (SSL_get_verify_result(ssl)==X509_V_OK)) {

// do secret things

}

Even though the "verify" step returns X509_V_OK, this step does not include checking the Common Name against the name of the host. That is, there is no guarantee that the certificate is for the desired host. The SSL connection could have been established with a malicious host that provided a valid certificate.

例

The following OpenSSL code ensures that there is a certificate and allows the use of expired certificates.

bad C

if (cert = SSL_get_peer(certificate(ssl)) {

foo=SSL_get_verify_result(ssl);
if ((X509_V_OK==foo) || (X509_V_ERR_CERT_HAS_EXPIRED==foo))

//do stuff

If the call to SSL_get_verify_result() returns X509_V_ERR_CERT_HAS_EXPIRED, this means that the certificate has expired. As time goes on, there is an increasing chance for attackers to compromise the certificate.

例

The following OpenSSL code ensures that there is a certificate before continuing execution.

bad C

if (cert = SSL_get_peer_certificate(ssl)) {

// got a certificate, do secret things

Because this code does not use SSL_get_verify_results() to check the certificate, it could accept certificates that have been revoked (X509_V_ERR_CERT_REVOKED). The software could be communicating with a malicious host.

例

The following OpenSSL code ensures that the host has a certificate.

bad C

if (cert = SSL_get_peer_certificate(ssl)) {

// got certificate, host can be trusted

//foo=SSL_get_verify_result(ssl);

//if (X509_V_OK==foo) ...

}

Note that the code does not call SSL_get_verify_result(ssl), which effectively disables the validation step that checks the certificate.

分析过的案例

标识	说明	链接
CVE-2014-1266	chain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing man-in-the-middle attack (Apple "goto fail" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint ('Man-in-the-Middle')).	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1266
CVE-2008-4989	Verification function trusts certificate chains in which the last certificate is self-signed.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4989
CVE-2012-5821	Web browser uses a TLS-related function incorrectly, preventing it from verifying that a server's certificate is signed by a trusted certification authority (CA)	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5821
CVE-2009-3046	Web browser does not check if any intermediate certificates are revoked.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3046
CVE-2011-0199	Operating system does not check Certificate Revocation List (CRL) in some cases, allowing spoofing using a revoked certificate.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0199
CVE-2012-5810	Mobile banking application does not verify hostname, leading to financial loss.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5810
CVE-2012-3446	Cloud-support library written in Python uses incorrect regular expression when matching hostname.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3446
CVE-2009-2408	Web browser does not correctly handle '' character (NUL) in Common Name, allowing spoofing of https sites.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408
CVE-2012-2993	Smartphone device does not verify hostname, allowing spoofing of mail services.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2993
CVE-2012-5822	Application uses third-party library that does not validate hostname.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5822
CVE-2012-5819	Cloud storage management application does not validate hostname.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5819
CVE-2012-5817	Java library uses JSSE SSLSocket and SSLEngine classes, which do not verify the hostname.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5817
CVE-2010-1378	chain: incorrect calculation allows attackers to bypass certificate checks.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1378
CVE-2005-3170	LDAP client accepts certificates even if they are not from a trusted CA.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3170
CVE-2009-0265	chain: DNS server does not correctly check return value from the OpenSSL EVP_VerifyFinal function allows bypass of validation of the certificate chain.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0265
CVE-2003-1229	chain: product checks if client is trusted when it intended to check if the server is trusted, allowing validation of signed code.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1229
CVE-2002-0862	Cryptographic API, as used in web browsers, mail clients, and other software, does not properly validate Basic Constraints.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0862
CVE-2009-1358	chain: OS package manager does not check properly check the return value, allowing bypass using a revoked certificate.	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1358

分类映射

映射的分类名	ImNode ID	Fit	Mapped Node Name
OWASP Top Ten 2004	A10	CWE More Specific	Insecure Configuration Management

相关攻击模式

CAPEC-459

引用

文章来源于互联网:scap中文网

左青龙
微信扫一扫

右白虎
微信扫一扫

本文由 admin 发表于 2021年12月16日15:51:00
转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出)：
CWE-295 证书验证不恰当https://cn-sec.com/archives/613225.html

目录

在线咨询

13688888888

8888 QQ在线咨询

微信
本页二维码