[CPP]: Add query for CWE-297: Improper Validation of Certificate with Host Mismatch #687

@ihsinme

Description

Query PR

github/codeql#9086

Language

C/C++

CVE(s) ID list

CWE

CWE-297: Improper Validation of Certificate with Host Mismatch

Report

  1. Lack of verification of the certificate name.
  2. If the program does not require verification of the certificate name, this creates the possibility of replacing the certificate and accessing the transmission channel.
  3. The query provides for one of the three certificate name control methods described in OpenSSL.
  4. The query does not require control over correct execution, as this complicates it. But I'll be happy to add the exceptions found as FPs.

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

  • Yes
  • No

Blog post link

https://twitter.com/ihsinme/status/1534885062180753408
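As an added illustration of what the missing check amounts to (this is not code from the submission, the CodeQL query, or OpenSSL), the block below is a small C matcher that applies the RFC 6125-style rules for comparing a requested host name against a certificate's dNSName entries: case-insensitive comparison, a wildcard only as the whole left-most label, never matching across dots or the bare domain, and no partial wildcards (the behaviour OpenSSL gives with X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS). The function names `dnsname_matches` and `cert_matches_host` and the SAN lists are mine and constructed for the example. A real OpenSSL client should not hand-roll this; it should call OpenSSL's own host-name check (X509_check_host on the peer certificate, or X509_VERIFY_PARAM_set1_host / SSL_set1_host before the handshake together with SSL_VERIFY_PEER), which I take to be the three methods the submission refers to.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive comparison of two byte ranges (DNS names are ASCII). */
static bool label_eq(const char *a, size_t alen, const char *b, size_t blen) {
    if (alen != blen) return false;
    for (size_t i = 0; i < alen; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return false;
    return true;
}

/* Length of a name with one trailing dot (absolute form) ignored. */
static size_t effective_len(const char *s) {
    size_t n = strlen(s);
    if (n > 0 && s[n - 1] == '.') n--;
    return n;
}

/* Number of dot-separated labels in s[0..n). */
static size_t count_labels(const char *s, size_t n) {
    if (n == 0) return 0;
    size_t c = 1;
    for (size_t i = 0; i < n; i++) if (s[i] == '.') c++;
    return c;
}

/*
 * Does one certificate dNSName pattern match the requested host?
 * Rules (hand-written illustration of the RFC 6125 matching rules, not OpenSSL's code):
 *  - comparison is case-insensitive and a trailing dot is ignored;
 *  - a wildcard may only be the entire left-most label ("*.example.com");
 *  - it matches exactly one non-empty label, so "*.example.com" matches
 *    "www.example.com" but neither "example.com" nor "a.b.example.com";
 *  - the wildcard must be followed by at least two labels ("*.com" is rejected);
 *  - partial wildcards such as "w*.example.com" are rejected.
 */
bool dnsname_matches(const char *pattern, const char *host) {
    size_t plen = effective_len(pattern), hlen = effective_len(host);
    if (plen == 0 || hlen == 0) return false;
    if (memchr(host, '*', hlen)) return false;         /* a host name never carries a wildcard */

    const char *star = memchr(pattern, '*', plen);
    if (!star) return label_eq(pattern, plen, host, hlen);   /* no wildcard: exact match */

    /* The wildcard must be the whole first label and the only '*' in the pattern. */
    if (star != pattern || plen < 2 || pattern[1] != '.' ||
        memchr(pattern + 1, '*', plen - 1))
        return false;
    const char *psuffix = pattern + 1;                 /* ".example.com" */
    size_t slen = plen - 1;
    if (count_labels(psuffix + 1, slen - 1) < 2) return false;   /* rejects "*.com" */

    /* The host's first label stands in for '*'; the remainder must equal the suffix. */
    const char *dot = memchr(host, '.', hlen);
    if (!dot || dot == host) return false;             /* need a non-empty first label */
    size_t rest = hlen - (size_t)(dot - host);         /* length of ".example.com" in host */
    return label_eq(psuffix, slen, dot, rest);
}

/* A certificate matches the host if any of its SAN dNSName entries does. */
bool cert_matches_host(const char *const *sans, size_t nsans, const char *host) {
    for (size_t i = 0; i < nsans; i++)
        if (dnsname_matches(sans[i], host)) return true;
    return false;
}

int main(void) {
    /* Constructed SAN list for the example, as a CA might issue for one site. */
    const char *const sans[] = {"*.example.com", "example.com"};
    const char *hosts[] = {"www.example.com", "example.com", "a.b.example.com", "evil.example.net"};
    for (size_t i = 0; i < 4; i++)
        printf("%-18s -> %s\n", hosts[i],
               cert_matches_host(sans, 2, hosts[i]) ? "name matches" : "HOST MISMATCH (CWE-297)");
    return 0;
}
```

A client that skips this step accepts any certificate that chains to a trusted CA, including one issued to an attacker for a different name, which is exactly the substitution the submission describes; that is why the query looks for the absence of OpenSSL's host-name check rather than for a particular bad value.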

Labels

All For One: Submissions to the All for One, One for All bounty