CVEbaza.plSłownik CWECWE-297
Common Weakness Enumeration

CWE-297

Improper Validation of Certificate with Host Mismatch

Kategoria: VariantCVE: 59
Opis

Produkt komunikuje się z hostem dostarczającym certyfikat, ale nie zapewnia prawidłowo, że certyfikat jest faktycznie powiązany z tym hostem. Brak właściwej walidacji może prowadzić do zagrożeń bezpieczeństwa związanych z podszywaniem się i atakami man-in-the-middle.

Description (EN)

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

Podatności CVE z CWE-297 (59)
9.8
CVSS
CRITICAL
CVE-2025-46408

W aplikacji AVTECH EagleEyes 2.0.0 wykryto krytyczną podatność polegającą na całkowitym wyłączeniu walidacji nazwy hosta podczas połączeń HTTPS. Umożliwia to atakującemu przeprowadzenie ataku Man-in-the-Middle i przechwycenie lub zmodyfikowanie szyfrowanego ruchu sieciowego.

pub. 2025-09-15
9.1
CVSS
CRITICAL
CVE-2026-26214

Galaxy FDS Android SDK w wersji 3.0.8 i wcześniejszych wyłącza weryfikację nazwy hosta TLS, akceptując dowolny ważny certyfikat niezależnie od niezgodności hostname. Oznacza to, że wszystkie aplikacje korzystające z SDK z domyślną konfiguracją są podatne na przechwycenie i modyfikację ruchu sieciowego przez atakującego w pozycji man-in-the-middle.

pub. 2026-02-12
9.1
CVSS
CRITICAL
CVE-2025-68637

Klient HTTP Apache Uniffle domyślnie ufa wszystkim certyfikatom SSL i wyłącza weryfikację nazwy hosta, co naraża całą komunikację REST API na ataki Man-in-the-Middle. Podatność jest krytyczna, ponieważ nie wymaga uwierzytelnienia ani interakcji użytkownika.

pub. 2026-01-07
9.1
CVSS
CRITICAL
CVE-2021-33695

Potentially, SAP Cloud Connector, version - 2.0 communication with the backend is accepted without sufficient validation of the certificate.

pub. 2021-09-15
9.1
CVSS
CRITICAL
CVE-2020-1887

Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery traffic in the absence of a configured root chain of trust.

pub. 2020-03-13
9.0
CVSS
CRITICAL
CVE-2020-11050

In Java-WebSocket less than or equal to 1.4.1, there is an Improper Validation of Certificate with Host Mismatch where WebSocketClient does not perform SSL hostname validation. This has been patched in 1.5.0.

pub. 2020-05-07
8.8
CVSS
HIGH
CVE-2026-35563

It was identified that the LDAP client implementation in version 2.1.7 does not verify if the server certificate matches the intended LDAP hostname. While the underlying code validates the certificate chain against a trusted authority, the absence of endpoint identification allows a valid certificate issued for an entirely unrelated host to be improperly accepted. This oversight leaves the connection highly vulnerable to server impersonation and complete connection compromise. The root cause of this vulnerability lies in the incomplete TLS server identity verification within the LDAP client implementation. The attacker requires MITM capability on the network to exploit this vulnerability. This attacker must be able to present a certificate trusted by the client's configured trust store. The hostname verification has been enforced in the new version of the LDAP API

pub. 2026-06-01
8.8
CVSS
HIGH
CVE-2021-21385

Mifos-Mobile Android Application for MifosX is an Android Application built on top of the MifosX Self-Service platform. Mifos-Mobile before commit e505f62 disables HTTPS hostname verification of its HTTP client. Additionally it accepted any self-signed certificate as valid. Hostname verification is an important part when using HTTPS to ensure that the presented certificate is valid for the host. Disabling it can allow for man-in-the-middle attacks. Accepting any certificate, even self-signed ones allows man-in-the-middle attacks. This problem is fixed in mifos-mobile commit e505f62.

pub. 2021-03-24
8.2
CVSS
HIGH
CVE-2025-3501

A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended.

pub. 2025-04-29
8.1
CVSS
HIGH
CVE-2025-2190

The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks.

pub. 2025-03-11
8.1
CVSS
HIGH
CVE-2022-32153

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation.

pub. 2022-06-15
8.1
CVSS
HIGH
CVE-2018-10936

A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.

pub. 2018-08-30
7.6
CVSS
HIGH
CVE-2026-42790

Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verification. Two flaws combine to allow a subordinate CA whose DNS nameConstraints are restricted (e.g. permitted;DNS:allowed.example.com) to issue a leaf certificate that an OTP TLS client accepts as a valid identity for an out-of-scope hostname (e.g. victim.example.com): First, pubkey_cert:validate_names/6 in lib/public_key/src/pubkey_cert.erl only checks SAN DNS entries against nameConstraints. Per RFC 5280, a permitted DNS subtree only restricts certificates that contain a DNS-typed name. A leaf with no subjectAltName therefore trivially satisfies any permitted;DNS:... constraint regardless of its subject commonName. Second, public_key:pkix_verify_hostname/3 in lib/public_key/src/public_key.erl falls back to the subject commonName when no subjectAltName is present, extracting id-at-commonName attributes as presented IDs and matching them against the reference hostname. The strict pkix_verify_hostname_match_fun(https) matcher does not suppress this fallback. The result is that path validation accepts a CN-only leaf under a DNS-constrained intermediate (no SAN means the nameConstraints are not triggered), and hostname verification then accepts it via the CN fallback. The bypass is reachable from stock ssl:connect with verify_peer, a trusted CA, SNI, and the canonical strict https hostname matcher. This issue affects OTP from OTP 19.3 before OTP 26.2.5.21, 27.3.4.12, 28.5.0.1, and 29.0.1 corresponding to public_key from 1.4 before 1.15.1.7, 1.17.1.3, 1.20.3.1, and 1.21.1.

pub. 2026-05-27
7.5
CVSS
HIGH
CVE-2025-25253

An Improper Validation of Certificate with Host Mismatch vulnerability [CWE-297] in FortiProxy version 7.6.1 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions and FortiOS version 7.6.2 and below, version 7.4.8 and below, 7.2 all versions, 7.0 all versions ZTNA proxy may allow an unauthenticated attacker in a man-in-the middle position to intercept and tamper with connections to the ZTNA proxy

pub. 2025-10-14
7.5
CVSS
HIGH
CVE-2024-34447

An issue was discovered in the Bouncy Castle Crypto Package For Java before BC TLS Java 1.0.19 (ships with BC Java 1.78, BC Java (LTS) 2.73.6) and before BC FIPS TLS Java 1.0.19. When endpoint identification is enabled in the BCJSSE and an SSL socket is created without an explicit hostname (as happens with HttpsURLConnection), hostname verification could be performed against a DNS-resolved IP address in some situations, opening up a possibility of DNS poisoning.

pub. 2024-05-03
7.5
CVSS
HIGH
CVE-2023-5909

KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect.

pub. 2023-11-30
7.4
CVSS
HIGH
CVE-2026-44393

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When ssl_ca_file is configured, the driver enables certificate chain validation but does not pass the expected broker hostname into the underlying TLS stack. Any certificate signed by the deployment CA is accepted regardless of hostname, allowing an attacker who can intercept control-plane traffic to impersonate the RabbitMQ broker and perform a man-in-the-middle attack on RPC and notification traffic. All OpenStack services using oslo.messaging with RabbitMQ over TLS are affected.

pub. 2026-06-04
7.4
CVSS
HIGH
CVE-2026-44467

The Claude Desktop app gives you Claude Code with a graphical interface built for running multiple sessions side by side. From 1.2581.0 to before 1.4304.0, Claude Desktop's SSH remote development feature verified only whether a hostname existed in ~/.ssh/known_hosts without comparing the server's presented host key against the stored key. This allowed a network-positioned attacker to present an arbitrary SSH host key and have the connection silently accepted, enabling a man-in-the-middle attack on remote development sessions. Successful exploitation required the attacker to be in a network position to intercept SSH traffic (e.g., via ARP spoofing, rogue Wi-Fi, or DNS poisoning) and the target hostname to already have an entry in the victim's known_hosts file. This vulnerability is fixed in 1.4304.0.

pub. 2026-05-13
7.4
CVSS
HIGH
CVE-2026-41603

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue.

pub. 2026-04-28
7.4
CVSS
HIGH
CVE-2024-37015

An issue was discovered in Ada Web Server 20.0. When configured to use SSL (which is not the default setting), the SSL/TLS used to establish connections to external services is done without proper hostname validation. This is exploitable by man-in-the-middle attackers.

pub. 2024-08-13
Pokazano 20 z 59 podatności
Informacje
ID: CWE-297
Typ: Variant
Podatności: 59
MITRE CWE ↗
← Słownik CWE