CWE-370 在初始检查后缺失对证书撤销的验证

Missing Check for Certificate Revocation after Initial Check

结构: Simple

Abstraction: Variant

状态: Draft

被利用可能性: Medium

基本描述

The software does not check the revocation status of a certificate after its initial revocation check, which can cause the software to perform privileged actions even after the certificate is revoked at a later time.

扩展描述

If the revocation status of a certificate is not checked before each action that requires privileges, the system may be subject to a race condition. If a certificate is revoked after the initial check, all subsequent actions taken with the owner of the revoked certificate will lose all benefits guaranteed by the certificate. In fact, it is almost certain that the use of a revoked certificate indicates malicious activity.

相关缺陷

• cwe_Nature: ChildOf cwe_CWE_ID: 299 cwe_View_ID: 1000 cwe_Ordinal: Primary

• cwe_Nature: ChildOf cwe_CWE_ID: 299 cwe_View_ID: 699 cwe_Ordinal: Primary

• cwe_Nature: PeerOf cwe_CWE_ID: 296 cwe_View_ID: 1000

• cwe_Nature: PeerOf cwe_CWE_ID: 297 cwe_View_ID: 1000

• cwe_Nature: PeerOf cwe_CWE_ID: 298 cwe_View_ID: 1000

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

可能的缓解方案

Architecture and Design

策略:

Ensure that certificates are checked for revoked status before each use of a protected resource. If the certificate is checked before each access of a protected resource, the delay subject to a possible race condition becomes almost negligible and significantly reduces the risk associated with this issue.

示例代码

例

The following code checks a certificate before performing an action.

bad C

While the code performs the certificate verification before each action, it does not check the result of the verification after the initial attempt. The certificate may have been revoked in the time between the privileged actions.

分类映射

相关攻击模式

• CAPEC-26
• CAPEC-29

引用

• REF-44 24 Deadly Sins of Software Security