CWE 295

Certificate Issues

Category ID: 295 (Category)

Status: Incomplete

Description

Description Summary

Certificates should be carefully managed and checked to assure that data are encrypted with the intended owner's public key.

Applicable Platforms

Languages

All

Background Details

A certificate is a token that associates an identity (principle) to a cryptographic key. Certificates can be used to check if a public key belongs to the assumed owner.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Category	254	Security Features	Development Concepts (primary)699
ChildOf	Category	731	OWASP Top Ten 2004 Category A10 - Insecure Configuration Management	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	296	Improper Following of Chain of Trust for Certificate Validation	Development Concepts (primary)699
ParentOf	Weakness Base	297	Improper Validation of Host-specific Certificate Data	Development Concepts (primary)699
ParentOf	Weakness Base	298	Improper Validation of Certificate Expiration	Development Concepts (primary)699
ParentOf	Weakness Base	299	Improper Check for Certificate Revocation	Development Concepts (primary)699

Taxonomy Mappings

Mapped Taxonomy Name	Node ID	Fit	Mapped Node Name
OWASP Top Ten 2004	A10	CWE More Specific	Insecure Configuration Management

References

M. Bishop. "Computer Security: Art and Science". Addison-Wesley. 2003.

Content History

Modifications
Modification Date	Modifier	Organization	Source
2008-08-15		Veracode	External
2008-08-15	Suggested OWASP Top Ten 2004 mapping
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Relationships, Taxonomy Mappings
2008-10-14	CWE Content Team	MITRE	Internal
2008-10-14	updated Background Details, Description

Facebook rss twitter linkedin mail

CWE 295

COMPANY

STANDARDS

RECENT POSTS

MENU