Improper Validation of Certificate with Host Mismatch

Incomplete Variant
Structure: Simple
Description

This vulnerability occurs when an application accepts a valid SSL/TLS certificate without properly verifying that it actually belongs to the specific host it's connecting to. Even a correctly signed certificate from a trusted authority can be misused if the hostname check is missing or flawed.

Extended Description

When your application connects to a server, it must verify that the certificate presented matches the intended hostname. This is done by checking the Common Name (CN) or, more reliably, the Subject Alternative Name (SAN) fields in the certificate. If this validation is skipped or implemented incorrectly, an attacker with a valid certificate for a different domain can impersonate your trusted service, leading to man-in-the-middle attacks and data interception. Common validation pitfalls include incomplete string comparisons that can be tricked by special characters, or failing to perform hostname checks when using certificate pinning. Always validate the hostname at the time of pinning and use established library functions for hostname verification instead of custom string matching, as these functions correctly handle edge cases like null bytes and wildcards.
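The comparison pitfalls named above, shown as an added example that is not part of the original entry: certificate names are length-delimited byte strings, so a C-string or prefix comparison can be satisfied by a name that merely begins with the expected host. The type, function and sample names here (cert_name, naive_match, prefix_match, strict_match, and the reserved test domains) are constructed for illustration. Production code should call the TLS library's own verifier (in OpenSSL, SSL_set1_host or X509_check_host) rather than a hand-written matcher.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* A certificate name as ASN.1 carries it: raw bytes plus an explicit length. */
typedef struct { const char *data; size_t len; } cert_name;
#define NAME(lit) { (lit), sizeof(lit) - 1 }

/* Constructed samples (reserved test domains), not taken from any real certificate. */
const cert_name NUL_NAME  = NAME("bank.example\0.other.test");
const cert_name LONG_NAME = NAME("bank.example.other.test");
const cert_name WILD_NAME = NAME("*.example.com");
const cert_name TLD_WILD  = NAME("*.com");

/* Flawed: C-string compare stops at the first NUL inside the name. */
int naive_match(cert_name n, const char *host) { return strcmp(n.data, host) == 0; }

/* Flawed: compares only as many bytes as the expected host has. */
int prefix_match(cert_name n, const char *host) {
    return strncmp(n.data, host, strlen(host)) == 0;
}

/* Case-insensitive compare of exactly n bytes. */
static int eq_ci(const char *a, const char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return 0;
    return 1;
}

/* Length-aware check: no embedded NUL, whole-name compare, one-label wildcard. */
int strict_match(cert_name n, const char *host) {
    size_t hlen = strlen(host);
    if (n.len == 0 || memchr(n.data, '\0', n.len)) return 0;
    if (n.len > 2 && n.data[0] == '*' && n.data[1] == '.') {
        const char *dot = strchr(host, '.');           /* end of host's first label */
        if (!dot || dot == host) return 0;
        if (memchr(n.data + 1, '*', n.len - 1)) return 0;    /* only one '*' */
        if (!memchr(n.data + 2, '.', n.len - 2)) return 0;   /* reject "*.com" */
        return strlen(dot) == n.len - 1 && eq_ci(n.data + 1, dot, n.len - 1);
    }
    if (memchr(n.data, '*', n.len)) return 0;          /* '*' anywhere else */
    return n.len == hlen && eq_ci(n.data, host, hlen);
}

int main(void) {
    printf("NUL name:  naive=%d strict=%d\n", naive_match(NUL_NAME, "bank.example"),
           strict_match(NUL_NAME, "bank.example"));
    printf("long name: prefix=%d strict=%d\n", prefix_match(LONG_NAME, "bank.example"),
           strict_match(LONG_NAME, "bank.example"));
    return 0;
}
```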

Common Consequences
Scope: Access Control

Impact: Gain Privileges or Assume Identity

The data read from the system vouched for by the certificate may not be from the expected system.

Scope: Authentication, Other

Impact: Other

Trust afforded to the system in question - based on the malicious certificate - may allow for spoofing or redirection attacks.

Detection Methods
Automated Static Analysis (Effectiveness: High)
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Dynamic Analysis with Manual Results Interpretation
Set up an untrusted endpoint (e.g. a server) with which the product will connect. Create a test certificate that uses an invalid hostname but is signed by a trusted CA and provide this certificate from the untrusted endpoint. If the product performs any operations instead of disconnecting and reporting an error, then this indicates that the hostname is not being checked and the test certificate has been accepted.
Black Box
When Certificate Pinning is being used in a mobile application, consider using a tool such as Spinner [REF-955]. This methodology might be extensible to other technologies.
Potential Mitigations
Phase: Architecture and Design
Fully check the hostname of the certificate and provide the user with adequate information about the nature of the problem and how to proceed.
Phase: Implementation
If certificate pinning is being used, ensure that all relevant properties of the certificate are fully validated before the certificate is pinned, including the hostname.
Demonstrative Examples

ID : DX-122

The following OpenSSL code obtains a certificate and verifies it.

Code Example:

Bad (C)

    cert = SSL_get_peer_certificate(ssl);
    if (cert && (SSL_get_verify_result(ssl) == X509_V_OK)) {
        // do secret things
    }

Even though the "verify" step returns X509_V_OK, this step does not include checking the Common Name against the name of the host. That is, there is no guarantee that the certificate is for the desired host. The SSL connection could have been established with a malicious host that provided a valid certificate.
Observed Examples
CVE-2012-5810: Mobile banking application does not verify hostname, leading to financial loss.
CVE-2012-5811: Mobile application for printing documents does not verify hostname, allowing attackers to read sensitive documents.
CVE-2012-5807: Software for electronic checking does not verify hostname, leading to financial loss.
CVE-2012-3446: Cloud-support library written in Python uses incorrect regular expression when matching hostname.
CVE-2009-2408: Web browser does not correctly handle '\0' character (NUL) in Common Name, allowing spoofing of https sites.
CVE-2012-0867: Database program truncates the Common Name during hostname verification, allowing spoofing.
CVE-2010-2074: Incorrect handling of '\0' character (NUL) in hostname verification allows spoofing.
CVE-2009-4565: Mail server's incorrect handling of '\0' character (NUL) in hostname verification allows spoofing.
CVE-2009-3767: LDAP server's incorrect handling of '\0' character (NUL) in hostname verification allows spoofing.
CVE-2012-5806: Payment processing module does not verify hostname when connecting to PayPal using PHP fsockopen function.
CVE-2012-2993: Smartphone device does not verify hostname, allowing spoofing of mail services.
CVE-2012-5804: E-commerce module does not verify hostname when connecting to payment site.
CVE-2012-5824: Chat application does not validate hostname, leading to loss of privacy.
CVE-2012-5822: Application uses third-party library that does not validate hostname.
CVE-2012-5819: Cloud storage management application does not validate hostname.
CVE-2012-5817: Java library uses JSSE SSLSocket and SSLEngine classes, which do not verify the hostname.
CVE-2012-5784: SOAP platform does not verify the hostname.
CVE-2012-5782: PHP library for payments does not verify the hostname.
CVE-2012-5780: Merchant SDK for payments does not verify the hostname.
CVE-2003-0355: Web browser does not validate Common Name, allowing spoofing of https sites.
References
[REF-18] Secure Software, Inc. The CLASP Application Security Process. 2005.
[REF-245] Martin Georgiev, Subodh Iyengar, Suman Jana, Rishita Anubhai, Dan Boneh, and Vitaly Shmatikov. The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software. 25-10-2012.
[REF-243] Sascha Fahl, Marian Harbach, Thomas Muders, Matthew Smith and Lars Baumgärtner, Bernd Freisleben. Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security. 16-10-2012.
[REF-249] Kenneth Ballard. Secure programming with the OpenSSL API, Part 2: Secure handshake. 03-05-2005.
[REF-250] Eric Rescorla. An Introduction to OpenSSL Programming (Part I). 05-10-2001.
[REF-44] Michael Howard, David LeBlanc, and John Viega. 24 Deadly Sins of Software Security. McGraw-Hill. 2010.
[REF-955] Chris McMahon Stone, Tom Chothia, and Flavio D. Garcia. Spinner: Semi-Automatic Detection of Pinning without Hostname Verification.
Likelihood of Exploit

High

Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Technologies:
Mobile : Undetermined
Not Technology-Specific : Undetermined
Modes of Introduction
Implementation
Taxonomy Mapping
  • CLASP