Missing Check for Certificate Revocation after Initial Check
Weakness ID: 370 (Weakness Base)Status: Draft
+ Description

Description Summary

The software does not check the revocation status of a certificate after its initial revocation check, which can cause the software to perform privileged actions even after the certificate is revoked at a later time.

Extended Description

If the revocation status of a certificate is not checked before each action that requires privileges, the system may be subject to a race condition. If a certificate is revoked after the initial check, all subsequent actions taken with the owner of the revoked certificate will lose all benefits guaranteed by the certificate. In fact, it is almost certain that the use of a revoked certificate indicates malicious activity.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

All

+ Common Consequences
ScopeEffect
Authentication

Trust may be assigned to an entity who is not who it claims to be.

Integrity

Data from an untrusted (and possibly malicious) source may be integrated.

Confidentiality

Date may be disclosed to an entity impersonating a trusted entity, resulting in information disclosure.

+ Likelihood of Exploit

Medium

+ Demonstrative Examples

Example 1

(Bad Code)
Example Languages: C and C++ 
if (!(cert = SSL_get_peer(certificate(ssl)) || !host) foo=SSL_get_verify_result(ssl);
if (X509_V_OK==foo) //do stuff
foo=SSL_get_verify_result(ssl); //do more stuff without the check.
+ Potential Mitigations

Phase: Architecture and Design

Ensure that certificates are checked for revoked status before each use of a protected resource. If the certificate is checked before each access of a protected resource, the delay subject to a possible race condition becomes almost negligible and significantly reduces the risk associated with this issue.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base299Improper Check for Certificate Revocation
Development Concepts (primary)699
Research Concepts (primary)1000
PeerOfWeakness BaseWeakness Base296Improper Following of Chain of Trust for Certificate Validation
Research Concepts1000
PeerOfWeakness BaseWeakness Base297Improper Validation of Host-specific Certificate Data
Research Concepts1000
PeerOfWeakness BaseWeakness Base298Improper Validation of Certificate Expiration
Research Concepts1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
CLASPRace condition in checking for certificate revocation
+ Related Attack Patterns
CAPEC-IDAttack Pattern Name
(CAPEC Version: 1.4)
26Leveraging Race Conditions
29Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
CLASPExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Common Consequences, Relationships, Other Notes, Taxonomy Mappings
2008-10-14CWE Content TeamMITREInternal
updated Description, Other Notes, Potential Mitigations
2009-05-27CWE Content TeamMITREInternal
updated Name, Relationships
Previous Entry Names
Change DatePrevious Entry Name
2009-05-27Race Condition in Checking for Certificate Revocation