CWE-370 在初始检查后缺失对证书撤销的验证

Missing Check for Certificate Revocation after Initial Check

结构: Simple

Abstraction: Variant

状态: Draft

被利用可能性: Medium

基本描述

The software does not check the revocation status of a certificate after its initial revocation check, which can cause the software to perform privileged actions even after the certificate is revoked at a later time.

扩展描述

If the revocation status of a certificate is not checked before each action that requires privileges, the system may be subject to a race condition. If a certificate is revoked after the initial check, all subsequent actions taken with the owner of the revoked certificate will lose all benefits guaranteed by the certificate. In fact, it is almost certain that the use of a revoked certificate indicates malicious activity.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 299 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 299 cwe_View_ID: 699 cwe_Ordinal: Primary

  • cwe_Nature: PeerOf cwe_CWE_ID: 296 cwe_View_ID: 1000

  • cwe_Nature: PeerOf cwe_CWE_ID: 297 cwe_View_ID: 1000

  • cwe_Nature: PeerOf cwe_CWE_ID: 298 cwe_View_ID: 1000

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
Access Control Gain Privileges or Assume Identity Trust may be assigned to an entity who is not who it claims to be.
Integrity Modify Application Data Data from an untrusted (and possibly malicious) source may be integrated.
Confidentiality Read Application Data Data may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure.

可能的缓解方案

Architecture and Design

策略:

Ensure that certificates are checked for revoked status before each use of a protected resource. If the certificate is checked before each access of a protected resource, the delay subject to a possible race condition becomes almost negligible and significantly reduces the risk associated with this issue.

示例代码

The following code checks a certificate before performing an action.

bad C

if (cert = SSL_get_peer_certificate(ssl)) {
foo=SSL_get_verify_result(ssl);
if (X509_V_OK==foo)

//do stuff
foo=SSL_get_verify_result(ssl);
//do more stuff without the check.

While the code performs the certificate verification before each action, it does not check the result of the verification after the initial attempt. The certificate may have been revoked in the time between the privileged actions.

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
CLASP Race condition in checking for certificate revocation
Software Fault Patterns SFP20 Race Condition Window

相关攻击模式

  • CAPEC-26
  • CAPEC-29

引用