CWE•Variant•Draft•3 recent CVEs
CWE-298Improper Validation of Certificate Expiration
Description
A certificate expiration is not validated or is incorrectly validated.
Common consequences
- Integrity,Other→OtherThe data read from the system vouched for by the expired certificate may be flawed due to malicious spoofing.
- Authentication,Other→OtherTrust may be assigned to certificates that have been abandoned due to age.
Potential mitigations
- Architecture and DesignCheck for expired certificates and provide the user with adequate information about the nature of the problem and how to proceed.
- ImplementationIf certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the expiration.